Ad injection impacts users, advertisers and publishers

May 6, 2015 14:47 GMT

Research conducted by Google and the University of California, Berkeley and Santa Barbara, reveals that the ad injection business employs 50,870 Chrome extensions and 34,407 Windows binaries.

Online advertising is a multi-billion business, and cybercriminals are aware of the numbers: they try to redirect a portion of the money to their own pockets by serving advertisements in an aggressive manner.

Injection libraries from Superfish and Jollywallet are most prevalent

According to the results of the study, 30% of the packages carry out malicious activities, and apart from injecting ads in web browser sessions, they can also steal user credentials, hijack search queries or report user online activity to third parties.

The operators behind ad injectors rely on a complex system that involves distributing the tools that spew out the banners, obtaining the injection libraries, and the advertisers that fall victim to these tactics.

Google developed a solution that identifies ad injection, and for the duration of the study (between June 1 and September 30, 2014), it detected that millions of users were accessing Google websites that were tainted with illegal ads.

Among the 25 businesses offering injection libraries, Google found that Superfish and Jollywallet were top providers, as their code accounted for 3.4% and 2.4% of the monitored Google views, respectively.

An entire network is set up for the job

The nefarious packages are spread via marketing, bundling with highly popular programs, malware, or social advertising campaigns. Once the injector is installed, the ads are inserted into the web pages accessed by the victim, and money is collected from the advertiser when clicks are recorded.

The online advertising system is corrupted this way, as the only ones reaping the advantages are the cybercriminals. The advertiser does not know where their banner is displayed, so they cannot estimate the success of the campaign, while the publisher is not paid because the ad is forcefully shown on their website.

Google’s effort to reduce the ad injection threat started by cleaning up the Chrome Web Store and booting almost 200 extensions, which affected 14 million users. On the same note, the company improved the alerts that pop up in Chrome when a user tries to download deceptive software.

Furthermore, the search giant informed advertisers of the nefarious activity and the ad networks involved.