{"id":25460,"date":"2024-11-14T06:10:11","date_gmt":"2024-11-14T14:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/11\/14\/news-19190\/"},"modified":"2024-11-14T06:10:11","modified_gmt":"2024-11-14T14:10:11","slug":"news-19190","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/11\/14\/news-19190\/","title":{"rendered":"Advertisers are pushing ad and pop-up blockers using old tricks"},"content":{"rendered":"\n<p>Despite the countermeasures some services are <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/11\/chrome-pushes-forward-with-plans-to-limit-ad-blockers-in-the-future\">taking against well-known ad blockers<\/a>, lots of people now use one. This is no doubt due to increased privacy concerns around online tracking, along with the growing number of ads per site.<\/p>\n<p>And where there is money to be made, you\u2019ll find social engineering and affiliates.<\/p>\n<p>In a campaign predominantly used on media websites, we found a misleading ad that promised visitors some content they might be interested in.<\/p>\n<p>When we followed the link, we ran into one of the oldest tricks in a malvertiser&#8217;s playbook\u2014the website told us we needed something extra in order to be able to view the content.<\/p>\n<p>In the olden days, that something extra used to be video codecs or specific video players, but now we&#8217;ll be told we need a browser extension to \u201ccontinue watching in safe mode.\u201d<\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1050\" height=\"702\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Stefan.png?w=1024\" alt=\"You need to install the Adblock Pro - Browser Extension to continue watching in safe mode\" class=\"wp-image-119404\" \/><\/figure>\n<p>Following the prompt to install Adblock Pro we found that the whole trick was set up to promote another blocker called Push Notifications Blocker.<\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1113\" height=\"727\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/push_notifications_blocker.png?w=1024\" alt=\"Push Notifications Blocker in the Chrome Web Store\" class=\"wp-image-119418\" \/><\/figure>\n<p>This one is a bit demanding when it comes to the permissions it claims to need. This isn&#8217;t always a reason for alarm (we have to ask for certain permissions to enable <a href=\"https:\/\/www.malwarebytes.com\/browserguard\">Malwarebytes Browser Guard<\/a> effectively, for example), but is something to keep an eye on.<\/p>\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"466\" height=\"292\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/permissions2.png\" alt=\"Push Notifications Blocker permissions\" class=\"wp-image-119420\" style=\"width:466px;height:auto\" \/><\/figure>\n<p>The prompt shown below demonstrates what the extension is supposed to do.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"357\" height=\"186\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/choices.png\" alt=\"Notificatiosn for this site are currently blocked. Do you wnat to allow them? Allow or Keep Blocking?\" class=\"wp-image-119422\" \/><\/figure>\n<p>The extension provides information about the current status of the notifications permission of the website and gives the user control to change it or keep the current setting.<\/p>\n<p>But using this extension soon shows some side effects. The browser becomes extremely slow, and other users have reported redirects happening at unexpected moments, and search results that looked off because they weren\u2019t done with the intended search engine.<\/p>\n<p>A further investigation convinced us that this extension should be classified as adware. What puzzled us is that the exact same trick on the same domain was used to promote other Chrome extensions that promised to block ads, and those extensions have earned the trust of many users.<\/p>\n<p>To us, this looks like a campaign executed by an affiliate, a company that promotes products or services from another company. If someone buys something through the affiliate&#8217;s efforts, the affiliate earns a commission.<\/p>\n<p>Certainly the irony of an ad blocker being promoted in a malvertising campaign was not lost on us.<\/p>\n<p>Malwarebytes detects Push Notifications Blocker as Adware.Redirector.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/premium\">Malwarebytes Premium Security<\/a> and <a href=\"https:\/\/www.malwarebytes.com\/browserguard\">Malwarebytes Browser Guard<\/a> block recommendedchain[.]com.<\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><strong>We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/11\/advertisers-are-pushing-ad-and-pop-up-blockers-using-old-tricks\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> A malvertising campaign using an old school trick was found pushing to different ad blockers. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[18910,32132,32133,32,32134,10438],"class_list":["post-25460","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-ad-blockers","tag-adblocker-pro","tag-malvertsising","tag-news","tag-push-notifications-blocker","tag-threats"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25460"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25460\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25460"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}