Security vendor Imperva’s research labs have found a browser extension that claims to block ads, but actually injects them into Chrome or Opera.
That code snippet talks to remote servers and downloads a payload that Imperva claims is connected to operators of an ad-injection scam.
That scam, Silland and Masas observe, pipes in ads other than those from legitimate sources that would otherwise appear on a web page. Some of those ads include affiliate links – whoever is behind this extension could be skimming commissions from netizens that click on injected ads.
Google has often said it takes the security of Chrome extensions seriously, and vets them to stop all sorts of naughtiness. It looks like those processes have
Read the article