Google: Hackers are getting in through ‘injected’ Internet ads

So-called “ad injectors” are taking over.

Google has uncovered more than 50,000 browser extensions and 34,000 apps that inject unwanted ads into users’ browsers.

{mosads}Roughly two-thirds of these were mostly an annoyance, cluttering a Web page with extra ads layered on top of one another. But the other third — over 25,000 — also delivered nefarious software that puts users at risk.

These unwanted software packages “were outright malicious and simultaneously stole account credentials, hijacked search queries, and reported a user’s activity to third parties for tracking,” said Kurt Thomas, part of Google’s Spam & Abuse Research team.

Overall, roughly 5 percent of all page views across Windows and Mac users “showed telltale signs of ad injection software,” Thomas added.

The figures are part of extensive research Google released late Wednesday on the rapidly rising problem of “adware,” software that places unwanted ads on browsers.

In March, Google said the issue had become the No. 1 complaint of Chrome users.

“The main point is clear: deceptive ad injection is a significant problem on the web today,” Thomas said.

Google has thus far culled 192 deceptive ad injector Chrome extensions that were affecting 14 million people.

These ad injectors get their ads from a number of businesses supplying “injection libraries,” Google said.

The most popular of these companies is Superfish, which both supplies ads and makes its own ad injector software. The company’s flawed software was behind the vulnerability that left PC maker Lenovo’s millions of users exposed to hackers.

Google is pushing to notify advertisers that their ads are being used deceptively. The hope is those companies will pressure the ad networks that disseminate the ads, which is often how unwanted software gets tacked on.

Google said it is tightening policies on its own service, Ad Words, one of the world’s largest ad networks.

“Ad injectors’ businesses are built on a tangled web of different players in the online advertising economy,” Thomas said. “This complexity has made it difficult for the industry to understand this issue and help fix it. We hope our findings raise broad awareness of this problem and enable the online advertising industry to work together and tackle it.”

Congress has also moved to address malicious software delivered through advertising.

A Senate Homeland Security subcommittee on investigation released a lengthy report in May 2014 that called out online advertisers for not aggressively tackling the issue.