Illicit “ad injectors” are infecting a not-insignificant proportion of Web browsers, according to a study by Google and the University of California.
The pieces of software replace the ads you’re supposed to be seeing with different, unapproved ones, hurting not only Internet surfers, but advertisers like Amazon and Wal-Mart (and many others), as well as publishers who lose revenues, the study authors said.
Ad injectors make their way into browsers through software downloads and browser extensions. Many users might not even know their browsers are afflicted with them. Google says it has identified more than 50,000 browser extensions and 34,000 software applications that send the fraudulent ads to browsers, pushing aside the ads that were supposed to show up.
Most alarmingly, about a third of the injectors are equipped to steal account credentials and hijack Web searches, returning results meant to benefit the fraudsters. More than 1,000 networks distribute the injectors, Google said, with many of them pushed by “affiliates” who get paid some pittance whenever somebody clicks on one of the ads.
The ads come from so-called “injection libraries,” often via legitimate ad networks. Advertisers big and small end up paying for injected ads they have no knowledge of.
Sometimes, the ads appear even on Web pages, such as Wikipedia, that don’t normally feature advertisements.
Google says that so far in 2015, it has received more than 100,000 complaints about injectors in its Chrome browser. The study indicates that all the major browsers are vulnerable.
And you’re not safe if you’re on a Mac. According to the study, 5.1% of all pageviews involving injected ads came from a computer running Windows. Macs accounted for 3.4%.
Fixing the problem isn’t easy. Google says it stepping up its monitoring of extensions for Chrome to ensure that they don’t run afoul of policy. Other browser makers do the same. But with so many extensions out there, much of the responsibility falls on users themselves to be hyper-vigilant when downloading software.