March 22, 2017 | by Vuk Stan

How Is Chrome Extension Linked to Click Frauds?

The best search engine in the world has come up with a lot of useful tools like Google Docs, Google AdWords, Google Chrome and so on. To be fair, Google Chrome is definitely on the top of best browsers among users. It’s fast, user-friendly and has some handy extensions.

Nonetheless, malicious criminals always find bad uses for helpful means. Chrome extensions are not exceptions and they are prone to dangers too. Well, not so much prone to dangers but exposed to being involved in illegal activities.

Computer Science Student vs. Chrome Extension

19-year-old computer science student Maxime Kjaer clicked on a link on Facebook, which directed him to a website for adults. For the age verification, the website asked to install a Chrome Extension that is supposed to, “read and change all your data on the websites you visit.” Being a computer science student, Maxime instantly figured out that the extension is just a gateway for a cyber crime.

So, Maxime went on to analyze the data to reveal the purpose of the extension. After carefully studying the codes, he noticed a script that shed light on the mysterious extension. The script aimed to download transmitted data, which programmers call payload, from an external server and use it.

As you might have guessed, the payload would later be used to perform a click fraud. In this particular case, it sent Facebook messages and directed users to a web page that had Facebook tokens, which the extension can gather and move to command-and-control server. The stolen tokens can serve a variety of purposes from false clicks to sending messages and liking posts.

Maxime Discovered Just 1 out of 10 Malicious Extensions

Among hundreds and thousands of Chrome Extensions, 10 faulty ones seem like not that big of a deal. However, the fact that Chrome Extension click frauds are an actual thing  means it can be repetitive and the number of fraud-related extensions can increase.

The hacked extension is under the "viralands.com" website and has more than 1.300.000 users. Each of these people can be the next victim of a hijack and become an unwanted clicker of an ad.

Why should you care about Maxime and his discovery? Not because he is just 19 and managed to detect a fraud involving one of the world’s most reputable companies. You need to understand that no one and no site is guaranteed to avoid ad frauds. Every now and then, false clicks will generate fraud traffic to your website and you should be prepared for it.

To make the best use of digital advertising, say boost your conversion rates via PPCs and enjoy high ROI, you need click fraud protection. The concept behind click fraud detection and prevention software like ClickGuard is accurate monitoring of the clicks.

The special algorithms written by the brilliant minds of programming allow the software to block any suspicious sources of a click, thus ensuring quality clicks.