fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Malicious Chrome Ad Blocker Injects Ads Behind The Scenes

Malicious Chrome Ad Blocker Injects Ads Behind The Scenes

The AllBlock Chromium ad blocking extension has been found to be injecting hidden affiliate links that generate commissions for the developers.

This extension is still available on Chrome’s Web Store and promotes itself as an ad blocker that focuses on YouTube and Facebook to prevent pop-ups and speed up browsing.

However, according to researchers at Imperva, the extension is actually conducting a deceptive ad-injection campaign that causes legitimate URLs to redirect to affiliate links controlled by the extension’s developers.

Ad injection is the process of inserting advertisements or links into a web page that doesn’t normally host them, allowing the scammers to make money from advertisements or redirect people to affiliate sites to earn commissions.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

Ad injection process
Ad injection process
Source: Imperva

In August 2021, Imperva’s researchers discovered a set of previously unknown malicious domains distributing an ad injection script.

This malicious script would send legitimate URLs to a remote server and receive a list of redirection domains as a response. If a user clicks on an altered link, the user is redirected to a different page, typically, an affiliate link.

The ad-injecting script even features evasion techniques such as excluding large Russian search engines, clearing the debugging console every 100 ms, and active detection of initialized Firebug variables.

By taking a deeper look at AllBlock, Imperva’s team found the script they were hunting for in “bg.js,” which injects code into every new tab opened on the browser.

Also Read: The 5 Important Things To Know In Security Pen Testing

URL alteration code in the script
URL alteration code in the script
Source: Imperva

To inject the malicious script, the extension would connect to an URL at allblock.net, which would return a base64 encoded script that would be decoded and injected into the webpage.

URL change
Malicious encoded script injected by extension

The developers of the extension have added several innocuous objects and variables into the malicious JavaScript snippet in an attempt to obfuscate the code execution.

How the extension is promoted is currently unclear, and Imperva believes that the scammers may also utilize other extensions in this campaign. 

“We do not believe we found the origin of the attack that led us to this discovery, likely because of the way the script was injected. The script we first observed was injected via a script tag pointing to a remote server where the AllBlock extension injects the malicious code directly to the active tab, Imperva explains in the report.

This leads us to believe that there is a larger campaign taking place that may utilize different delivery methods and more extensions.” – Imperva.

However, some IP and domain evidence attributes this extension to the Pbot campaign, which has been active since at least 2018.

This case is yet another reminder of the importance of choosing your browser extensions wisely and installing only the necessary ones.

In this case, AllBlock has excellent user reviews because its functionality as an adblocker has been properly implemented. Nonetheless, it introduces deception risks and confuses shoppers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us