So-called ad injectors are programs that insert ads into pages visited in web browsers. This is harmful in many ways not only to users who are often bombarded with ads, popups and other unwanted annoyances but also webmasters and businesses who finance their sites through advertisement and advertising networks.
Google notes in a new blog post on the official Chrome blog that ad injectors are the number one complaint of Chrome users in 2015.
The company build a custom ad injector detector for Google sites and ran it on its own sites for several months in 2014. The result was that 5.5% of all unique IP addresses accessing Google sites were affected by the issue which according to Google translates to millions of users being affected by ad injectors.
During the course of the study, Google discovered more than 50,000 browser extensions and more than 32,000 software programs that would hijack the browser and inject ads on visited web pages.
According to Google, more than 30% of these were "outright malicious" and would not only inject ads but also steal account credentials, hijack search queries or track users across the web.
These extensions and programs are distributed via affiliate systems that uses various promotional methods including software bundles, advertising campaigns or malicious attacks. Affiliates earn money from user clicks on injected ads or purchases.
The ads that get injected into web pages are sourced by businesses such as Superfish or Jollywallet which bring legitimate businesses such as Walmart, Target or eBay in to the ecosystem.
Most of these businesses appear unaware of this according to Google. The company reached out to these advertisers to inform them that their campaigns are affected by ad injections.
Google removed 192 deceptive extensions from the Chrome Web Store that affected 14 million Chrome users with ad injections when using the browser.
It did improve the protection against unwanted software websites and distributions in Chrome in February and changed Adwords policies recently as well in regards to third-party download offers.
Ad injectors are bad for Google's core business. Not only is the company losing revenue when its own ads are replaced on Google properties or third-party sites using Adsense, it is also painting web advertisement in a bad light and driving users towards ad-blockers.
For webmasters and site owners, things are even dire. A user visiting an ad-filled page on Amazon may think twice about visiting the site again. In addition to that, sites lose out on advertising revenue or online sales because of these advertisements which in turn may make it difficult for them to stay in business.
Users affected by ad injectors, pop-ups or malware are asked to visit the following Google Support page which offers removal assistance.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.