An example of a webpage made almost unusable by injected ads

An example of a webpage made completely unusable by injected ads

A Google-sponsored study carried out by the University of California, Berkeley and Santa Barbara found “tens of millions of instances” of ad malware in the course of just a few months. In all, they found that a staggering 5.5% of unique IP addresses – representing millions of users – were affected.

Ad injection malware drops its own ads into whatever web page an infected machine displays. Revenue from these ads is filtered through ad networks, where genuine companies end up paying the bills, effectively stealing revenue that should have gone to the websites themselves.

Some of this malware goes further than simply injecting ads … 

Google reports that more than 30% of the malware detected stole account credentials, re-routed searches and tracked the activity of the user.

The numbers reported by the study are huge.

We discovered more than 50,000 browser extensions and more than 34,000 software applications that took control of users’ browsers and injected ads […]

We found about 1,000 [malware distributors and] more than 3,000 victimized advertisers—including major retailers like Sears, Walmart, Target, Ebay.

Fewer than 200 Chrome extensions alone were found to infect 14 million users.

Google said it is fighting back by removing deceptive extensions, generating browser warnings and provide a tool to clean infected copies of Chrome.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear