Unauthorized YouTube Ads via Plugins

Tuesday, August 20, 2013 @ 05:08 PM gHale


A California-based firm that two years ago used browser plugins to deliver ads by injecting them into Facebook and Google pages is working a similar program, researchers said.

At the time, the company, Sambreel, named the two plugins “PageRage” and “BuzzDock,” but today their names are “Easy YouTube Video Downloader” and “Best Video Downloader” which are part of a software browser tool suite provided by two subsidiaries of Sambreel, said the researchers from UK-based Spider.io.

RELATED STORIES
Browser Extensions Steal Account Info
Mac Attack: Ransomware Targets Safari
Ransomware Forces Survey on Victim
Music App a Political Android Trojan

“When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages,” the researchers said. “These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.”

In one example, the injected ad sports a fake alert saying the user should update their Java, but clicking on the “OK” button will take them to a third-party site, the researchers said.

“This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these,” the researchers said. So, not only does the company hurt legitimate advertisers, but random users as well.

According to BBC News, one of the Sambreel subsidiaries said it discontinued one of the browser plugins, but that only occurred after the researchers made the company’s actions public.

A Google spokeswoman said the company is aware of the practice and banned all of them from using Google’s monetization and marketing tools.

According to Spider.io, 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this.



Leave a Reply

You must be logged in to post a comment.