back to article Gasp! Google Chrome kills uBlock, Adblock ad filters – grab the pitchfo- no wait, it's OK: They were evil fraud clones

On Wednesday, Google nuked two ad-blocking Chrome extensions that appear to have been designed to conduct affiliate-marketing fraud. The extensions, AdBlock and uBlock, were singled-out on Monday by AdGuard, a maker of ad blocking software that was founded in Russia and is based in Cyprus. Andrey Meshkov, co-founder and CTO …

  1. Blockchain commentard

    If the bad app waits 55 hours to start defrauding and goes to sleep when the developer console opens, how will hashing the code stop it?

    1. PerlyKing

      Multiple attack vectors

      It wouldn't stop that particular app, but would catch others. Until the bad guys come up with another wheeze....

    2. iron Silver badge

      Its also going to have a problem with every single update legitimate devs publish for their legitimate extensions. The mentioned security bod has no idea what he's talking about or is misquoted somehow.

      1. Dvon of Edzore

        Legitimate apps update through the app store, which also updates the signature. Sneaky apps update themselves through sneaky channels (that's what sideload means) to bypass any app store checks, and would not update the official signature.

        1. LeahroyNake

          My mobile AV provider Sophos 'side loads' the threat definitions rather than go through the Play Store.

          Why? because its quicker and they don't have to submit a new App to the store several times a week / day / hour. If you are using sandstorm or similar the updates sometimes happen every few minutes. That's why it works and blocks live and evolving threats. If you waited for usual app update requirements... By default on my phone, over 50% charge or plugged in and connected to WiFi... That could be days before you are protected.

  2. Pigeon

    Shiver me timbers

    Polish up the yardarm. Keel'aulin aint good enough fur these scurvy dogs.

    I need extra rum now Ive sprayed ter olde keyboard.

  3. Wellyboot Silver badge

    Currently there's no easy way to prevent these with the average user.

    The name looks like what I was told to install - yes

    Millions of downloads - yes

    Appears to work - yes

    Off the top of my head a unique ref. generated by the store and sitting above the name would help, we could then tell people to download the extension with ref xxxx - or is that too easy?

    1. LeahroyNake

      Perfectly good idea as long as its just numbers and not extension : 0oi1I|_-jJ#/\

      You get the idea :)

  4. Anonymous Coward
    Anonymous Coward

    AdBlock and similar domain name

    I received a text message that claimed to be from my phones data provider asking me if I wanted to opt-out of targeted advertising.

    The text message contained a regular http link with a similar looking domain to my data provider.

    Using wget on a Linux VM pulled down a domain parking service which contained an API key which would have allowed an "ad" to bypass AdBlock.

    Doing some DuckDuckGo searches brought me to an article from ThreatPost that confirmed my finding and suspicions:

    I'm not sure what good an ad blocker is if it just sells keys to unscrupulous advertisers/malvertisers to bypass it's blocks.

  5. Cuddles

    Who copied whom?

    Hang on, I'm pretty sure Adblock Plus is called that because it was an improved version of the original Adblock. Same for uBlock Origin, which is a fork of the original uBlock. It's certainly possible the removed apps are malicious imposters, but that can hardly be seen just from the names which are actually the original ones, with the names of the popular add-ons they're supposedly similar to being the copies.

    1. somini

      Re: Who copied whom?

      uBlock Origin is the original uBlock, forked after gorhill mistakenly passed the torch to a crummy person.

  6. stu 4

    @Cuddles - both stories are a bit more complicated than that. And both Adblock Plus (sells 'pass' to advertisers to let their ads through), and ublock (stole code from Raymond) are nasty bits of work. I advise everyone to go with uBlock Origin - it's great. even if on my mac it now tells me 'it will slow down web browsing' - will it buggery - it cleans up a massive amount of trash tracking and ads that safari is otherwise happy to allow.

  7. Anonymous Coward
    Anonymous Coward

    Adguard browser extension works better on firefox than ublock origin for some reason. Can't get over the Russian thing, though.

  8. heyrick Silver badge

    as soon as the browser's developer console gets opened

    How, and more importantly why, is the browser reporting back the status of its developer console to code that the browser is running? Code doesn't need to know that, and this is a good example of why.

    1. jackofalltrades

      Re: as soon as the browser's developer console gets opened

      Same reason that onmouseblahblah, onrightblahblah handlers are allowed to disable features of the browser, and thus people have to install stuff like RightToClick? Seriously though, I saw early on in Android browsers (especially Chrome!) that you had some site load up a prompt that you thing couldn't get out of. The scummy people would often make the prompt ask you to call some tech support scam number to 'get back your phone'.

      In the old days, you had replacement of status bar messages, blink tag, popups and blockers, window resizing/moving, removing address bar, loading ActiveX plugins by default, drive-by-installing, and so on. All invented by the same kind of thinking that you're talking about. "Should I?" doesn't even occur to people with that thinking.

  9. IGnatius T Foobar !

    Easiest ad blocker

    You'd be surprised how many of the most obnoxious ads can be blocked simply by setting all of Facebook's domains to in your hosts file. Seriously, try it without any ad blocker on and you'll be impressed.

    This has the side effect of making your computer unable to access Facebook itself, but that's a feature, not a bug.

  10. IGotOut Silver badge

    I wonder how long it would be..

    ..before a browser called Chrome Google was taken down?

    About 0.0000001 seconds I think. But rip off another name and cintent (just look at the candy crush type fakes) and you're good to go.

  11. Paul Hampson 1

    There is still an "Adblock" on the web store

    There is still an "Adblock" on the web store so it is a bit confusing what the problem is, as apparently is is the most used addon (60 million users or something)

    1. somini

      Re: There is still an "Adblock" on the web store

      And another uBlock:

  12. Qumefox

    What I find funny here is that manifest v3 is going to kill all the decent legitimate adblockers, and the malicious fake ones will likely continue to work just fine, since they're not actually blocking ads.

  13. ultenhiemer

    They're laughing at us!

    Wow, that scum behind those fake adblockers are laughing at us all the way to the bank... I'm lucky that I've always done my research and never came across them. I'm currently using Nano Adblocker/Defender.

    If they made millions every week then surely the actual advertisers should find, sue and put them in prison to get their money back... Probably not.

  14. the Jim bloke

    The problem

    is that Google has more in common with the criminals than with the users.

    Googles interests arent served by promoting security and privacy, and utilities which protect the public probably have a larger effect on Googles bottom line than the skimming carried out by various independent predators/parasites.

    Google would doubtless like to be the only predator in the pond, but it isnt worth their time to make it so.

  15. Aseries

    ADs blocking vs. avoidance

    I don't use dedicated AD Blockers but I do use facilities built into browsers. Most have some settings to help. I also like DUCK DUCK GO that suppresses tracking. Beyond that I avoid certain sites. One example is COMPUTERWORLD, mainly just a mass of sidebars stuffed with Ads. Also avoid the Lists of X this and that, nothing more than Click-Bait.

  16. JoMe

    founded in Russia

    The three words that engender immediate trust and respect for civil and ethical responsibility...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like