In February, when consumers filed a class-action lawsuit against the Chinese computing giant Lenovo for preloading adware on their laptops, it was the first time many people had heard the term "ad injector," a term for software that co-opts browsing activity to display targeted ads to users.
But just because people didn't know what the annoying — and potentially dangerous — preloaded pop-ups were called didn't mean they hadn't dealt with them; according to a new study conducted by Google in conjunction with the University of California, Berkeley and Santa Barbara, ad injectors are ubiquitous.
Released Wednesday, the study reveals just how pervasive and creepy the network of interests that build, pay for, and profit from ad injectors really is. They range from unwanted browser plugins like ShopperPro to browser extension tools like Crossrider to injection libraries affiliated with ad networks, like Superfish.
According to the paper, 5.5% of unique IPs accessing Google sites (a number that represents millions of users) "contain evidence of ad injection." That means millions of users are seeing ads delivered by software that in 30% of cases can be characterized as malicious; It "simultaneously stole account credentials, hijacked search queries, and reported a user's activity to third parties for tracking."
The network of software that does this is vast. The study, which collected data on more than 100 million page views, discovered 50,000 browser extensions and more than 34,000 software applications that hijacked browsers to inject ads. And users have noticed. According to the paper, complaints about ad injection were the single largest source of Chrome user complaints. A representative complaint reads, "I have some malware that is effecting Google Chrome. A pop up called Shopglider Deal appears when I hover over items on legitimate shopping sites. Also, clicking on some links I will be redirected to a totally new site; often a hoax 'survey site.'"
These programs and extensions find their way onto computers through a group of affiliate companies that promote them via everything from social media campaigns to "outright malware distribution." The companies — the study says there are more than 1,000 — make a profit every time a user clicks an injected ad.
And where do these ads originate? A dozen companies known as "injection libraries" (Superfish is one) that "manage advertising relationships with a handful of ad networks and shopping programs and decide which ads to display to users." In many cases, advertisers may have no idea that the ad network with which they've contracted is serving them traffic through untoward ad injection. That's how elaborate the process is.
Indeed, for any given injected ad, there may be multiple parties involved in its distribution. In some scenarios everyone from the developer of the injector software, to the affiliate, to the distributor of the ad injector itself is making money from the clicks they drive and in some cases may have access to your personal data.
Which is in part why Google is shining a spotlight on it. "At the highest level, we need an industry-wide discussion about what ad injection is doing," research scientist Kurt Thomas and lead author of the study told BuzzFeed News.
For its part, Google has taken steps to rid Chrome of ad injectors, including removing "deceptive extensions" from the Chrome store. But the problem extends far beyond Chrome and onto the computers of millions of people who use different browsers. It's for that reason — a glimpse at the shadowy networks that profit off of unwanted advertising, against which most users are still not protected — that the study and its findings are so chilling.