More than 20 million Google Chrome users may be using fake ad blocking software.

That’s apparent after a security researcher found five examples that while actually blocking ads as advertised, stole user information and manipulated web browsing instead.

The discovery, made by AdGuard Software Ltd. researcher Andrey Meshkov Tuesday, involved fake ad blocking Chrome extensions that used code stolen from legitimate ad blocking services, such as AdGuard itself, bundled with additional nefarious code.

That code varied among the fake ad blockers, but in the most prominent example included text files with obfuscated scripts that could keep track of every request made by the victim, as well as the ability to communicate with a command-and-control server to send data back to the browser.

Fake extensions and applications are not a new problem, as is seen time and again when it comes to Android apps. Where this incident differs is the success of those behind the fake Chrome extensions not only to have them listed but also to get them into the top positions in the Chrome Web Store search results.

Explaining that while previously those behind malicious apps in the Chrome Web Store would usually use other companies names, Meshkov said that they have “got smarter now” in that “instead of using tricky names they now spam keywords in the extension description trying to make to the top search results. Apparently, being in the top is enough to gain trust of casual users.”

The most popular app, named AdRemover for Google Chrome™ (with the trademark tag for added legitimacy) had been downloaded more than 10 million times, while the next two fake apps came in at 8 million-plus and 2 million-plus installations each.

Google moved promptly to remove the malicious apps from the Chrome Web Store. But the mere fact they were not only listed but ended up being the top rated results, rightfully raises questions about Google’s filter process for the store.

“With the current state of things, surfing through the Chrome’s Web Store is like walking through a minefield,” Meshkov concluded. “So here’s my advice: If you want to install an extension, think twice. And then think twice again.”

Image: AdGuard