Date: 2020-08

More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.

The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.

A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.

Besides fake ad blockers, AdGuard said it also found extensions posing as weather forecast widgets and screenshot capture utilities.

However, the vast majority of the malicious extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome's "new tab" page.

In a technical analysis shared with ZDNet, AdGuard said all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google and Bing search results.

Almost all the 295 extensions were still available on the official Chrome Web Store earlier today, when we received the list from AdGuard.

I honestly tried reporting this to Google using different channels, but weeks passed and they all are still on Chrome Web Store.



OK, Google, what one should do to help you remove malware from @googlechrome Web Store? https://t.co/mjE0a100ft — Andrey Meshkov (@ay_meshkov) August 4, 2020

Extensions started being pulled down from the store after we reached out to Google's Web Store team and after AdGuard published a blog post detailing their findings.

The same blog post also details additional bad practices on the Chrome Web Store, such as store moderators allowing a large number of copycat extensions that clone popular add-ons, capitalize on their brands, and reach millions of users, while also containing malicious code that performs ad fraud or cookie stuffing.

The full list of 295 ad-injecting extensions is available below, at the end of this article.

When Google removes an extension from the Chrome Web Store for malicious activity, the extension is also disabled in users' browsers and marked as "malware" in Chrome's Extension section.

Users still have to manually uninstall it from their browsers.
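
The following added example (not code from AdGuard or from this article) audits a Chrome profile's Extensions directory for installed extensions whose files reference fly-analytics.com, or whose ID appears on a supplied list such as the one referenced in this article. The directory layout `<extension id>/<version>/manifest.json` is an assumption about the local profile, and the sample extensions, their IDs and their script contents are constructed.

```python
import json
import tempfile
from pathlib import Path

# Domain named in AdGuard's analysis as the source of the loaded code.
INDICATORS = ("fly-analytics.com",)
TEXT_SUFFIXES = {".js", ".json", ".html", ".htm"}

def scan_extensions(ext_root, indicators=INDICATORS, known_bad_ids=frozenset()):
    """Return one finding per installed extension version that matches."""
    findings = []
    # Assumed layout: <ext_root>/<extension id>/<version>/manifest.json
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        version_dir = manifest.parent
        ext_id = version_dir.parent.name
        try:
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "?")
        except (OSError, ValueError, AttributeError):
            name = "?"  # unreadable manifest: still scan the files
        hits = []
        for path in sorted(version_dir.rglob("*")):
            if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
                continue
            text = path.read_text(encoding="utf-8", errors="ignore").lower()
            if any(ind in text for ind in indicators):
                hits.append(path.relative_to(version_dir).as_posix())
        listed = ext_id in known_bad_ids
        if hits or listed:
            findings.append({"id": ext_id, "name": name,
                             "files": hits, "listed": listed})
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with made-up IDs."""
    samples = {
        "a" * 32: ("New Tab Wallpaper", 'var src = "//fly-analytics.com/";'),
        "b" * 32: ("Plain Notes", 'console.log("hello");'),
    }
    for ext_id, (name, js) in samples.items():
        d = Path(root) / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name}))
        (d / "background.js").write_text(js)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for f in scan_extensions(tmp):
            print(f["id"], f["name"], f["files"], f["listed"])
```

A string match only catches extensions that embed the domain in plain text, so a clean result does not rule out an extension that builds the URL at runtime; checking IDs against the published list covers that case.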

Format: [extension ID] [extension name]