Instead of blocking ads in browsers, the extension pumps even more junk onscreen to steal ad revenue from legitimate advertisers.

Annoyed and distracted by the incessant ads in Chrome and Opera browsers? Just download a free ad blocker extension and you may get some relief.

Except in a recent case, a free browser extension called AllBlock turned out to give ad haters even more headaches.

Cybercriminals often advertise ‘free’ apps and plugins that look legitimate. This baits more people to download software into their machine. In the recent campaign discovered by Imperva Research Labs, AllBlock was advertised as an ad blocker extension available on both Chrome and Opera browsers. 

According to Reinhart Hansen, Chief Technology Officer (Asia Pacific and Japan), Imperva: “Once downloaded, AllBlock uses its elevated installation privileges at the browser level to inject Javascript into the user’s application experience. This directs the consumer’s browser to load specific ad content pop-ups and side-bar ads where the hacker is paid per click. It’s a very underhanded and cunning way for the hacker to secure advertising revenue because the user is forced to click on the ad to make it disappear from their screen.”

The campaign targeted users of some of the largest websites, stealing clicks and advertising revenue. The originators of the attack have not been discovered, but researchers believe there is a larger campaign taking place that may utilize different delivery methods and more extensions.

Through such ad injection campaigns, cybercriminals steal advertising revenue from publishers and websites and create a terrible experience for the user—displaying annoying ads and degrading site performance—which can result in customer loss.

Worse, this particular ad injection campaign is hard to detect because the malware contains code to monitor when debugging tools are being used. It then hides its malicious activities.

The only way protection is use client-side protection that prevents unauthorized JavaScript from being able to execute.