AllBlock extension injects links into your computer
Internet ads are annoying. People tend to go to great lengths to avoid them if possible, which is why ad blocking software and browser extensions are so popular.
One of the more popular options is AllBlock which is a Chromium extension that is widely promoted on YouTube and Facebook. The extension touts its ability to prevent pop up ads and speed up a user's browsing experience.
Unfortunately, researchers at Imperva have recently discovered that the extension is actually injecting hidden affiliate links onto any device running the extension. These links exist solely for the purpose of generating commissions for the developers of the ad blocker.
This may be the tip of a very big iceberg
If you have AllBlock on your smart device or PC it is quietly injecting redirects to affiliate links on every browser tab you have open. Worse is that the extension was coded with some fairly advanced evasion techniques. One of the techniques includes the ability to clear the debugging console every 100ms and excluding the largest and most popular Russian search engines.
As of the writing of this piece the extension was still available on the Chrome Web Store. Based on the ongoing research the Imperva researchers believe that this script is just one of many currently in use by the group behind the malicious code.
An evaluation of IP and domain evidence points to this as being part of the Pbot campaign which has been active since at least 2018. What we may be looking at then is the tip of a very large iceberg.
Frustratingly the AllBlock extension has great reviews. It is very highly rated because it is legitimately good at what it does. Unfortunately, it's advertised function isn't all that it does which is what makes this extension so problematic.
My perspective
This underscores an important and distressing point. Sometimes even if you do your due diligence you can wind up installing something dangerous. Now is a good time to review all of the extensions you use and delete any you don't absolutely need. Check out first link under AllBlock for more info.
It is just like Admiral Ackbar said:
“It’s a trap.”
By Denis Wilson
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.
I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.
Contact me if you would like me to speak to your association
