RECENT cybersecurity research unveiled a significant ad-fraud campaign involving 152 malicious Chrome extensions masquerading as benign "live wallpaper" apps. These extensions, dispersed over 38 publisher accounts, logged user data and generated fake web traffic, accumulating about 105,000 installations. Using advanced evasion techniques, the threat actors manipulated Google search attribution to disguise automated traffic as organic, which misled advertisers into paying for non-genuine visits.
The mechanisms included traffic laundering strategies and anti-forensic capabilities designed to evade detection. Additionally, the extensions violated Google Web Store policies by failing to disclose their actual data usage, leading to privacy issues for users. This incident underscores the importance of scrutinizing browser extensions and emphasizes the need for vigilance against such adware threats.