Chrome get them all

This involved providing different locations to which private user browsing data should be uploaded and lists of advertisements to be fed to the browser. According to the report, authored jointly by Jamila Kaya and Duo Security information security engineer Jacob Rickerd, this primary malicious behavior resulted in users regularly getting fed new redirector domains leading to both 'benign' and illegitimate advertising streams.

The scam methodology involved redirecting the browser to a whole bunch of domains, and then on to one of a number of malicious control servers to direct the fraud itself. They initially discovered that 70 Chrome web browser extensions, which had been installed by at least 1.7 million users, were obfuscating malicious advertising functionality from those unknowing users.

The fraud campaign was unearthed in a joint operation between Cisco's Duo Security team and an independent security researcher, Jamila Kaya.

Digging into Chrome web browser extension fraud