Andrey Meshkov

Co-founder, team lead, ‘perpetuum mobile’ of Adguard. The man who defines our mission, plans, development, and simply makes Adguard what it is today.

Moscow 13 posts

Over 20,000,000 of Chrome Users are Victims of Fake Ad Blockers

According to the PageFair 2014 report, Google Chrome is a major driver of adblock growth. 20% of users discovered ad blocking by browsing “available browser extensions”. Given how popular ad blocking is, it is quite a lot. This also explains why "cloning" wide-spread ad blockers has become so popular among online crooks. Seven months ago big news broke: 37,000 users were tricked into installing a fake Adblock Plus extension.

What if I told you that thanks to poor Chrome's WebStore moderation the situation is much worse, and in reality over 20,000,000 users are affected and tricked into installing fake malicious ad blockers? »

One does not simply delete Facebook

Calls to "delete Facebook" across different social media are growing in popularity. This is users’ reaction to recent publications in media about how a certain analytics company purchased personal data of 50 Million Facebook users from one of the app’s developer, and then proceeded to use this information to influence elections and political campaigns outcomes. »

Top Cryptojackers are video streaming websites, and they do not use CoinHive

Back in December 2017, we added a mechanism that allowed users to optionally report websites whenever a cryptojacking script is detected by AdGuard. It proved useful right away and allowed us to discover the largest known cryptojacking campaign, which was being run by some popular video streaming websites. Since then we have received more than a million user reports, and now it's time to analyze them.

Over the last two months, we received over 1.3 Million reports on more than 120 thousand websites. It's important to notice that sometimes cryptojacking was detected on some legitimate websites (Google, Youtube, Instagram, etc) and this is most likely caused by malicious browser extensions or malvertising.

However, 40% (over half a million) of the reports came from just 50 domains. Let's take a deeper look into what the top cryptojackers do. »

Popular Android apps are stealing users' email addresses

Android is an awesome operating system that provides us developers with incredible capabilities. There are quite a few great apps and features Android users benefit from that are simply impossible to implement on other platforms.

Unfortunately, nothing comes free, and this wide array of capabilities is the main reason why Android is so vulnerable from privacy and security standpoints.

In our latest research, we decided to focus on the privacy issues. We took a look at the top 1000 Android apps to find out if they collect any sensitive personal data. »

The Chronicle of AdGuard

It was the best of times, it was the worst of times…

A brief prehistory (2009)

The year 2009 was a tough one. The economic crisis shook the world in 2008, and a year later its consequences were in full bloom, especially in Russia. High time to start producing paid software in a country traditionally thought of as the cradle of piracy!

It turned out later, that there is no such thing as a pirate mentality. In fact, people in any country would buy a product made well, and worth the money. »

Crypto-Streaming Strikes Back

Brief summary: while hardening AdGuard’s crypto-jacking protection, we discovered four involved popular websites (mostly streaming) with an aggregated audience of almost a billion people.

We have already told you in our blog (part 1, part 2, part 3) about the problem of stealth mining (the so-called "cryptojacking"), but this story is not going to end. Just two (!) months after its first launch, this technology has been used on thousands of websites with a total estimated traffic of a billion (!) monthly visits. Now, after an additional three weeks have passed, we must regretfully report that cryptomining has soared to even greater heights.

Ad blockers were first to respond to this new menace and implement protection against mining on websites. Thanks to the popularity of ad blockers, a significant portion of Internet users received the necessary protection in a very timely manner. Naturally, "crypto-jackers" are not pleased with this counteraction. »

Cryptojacking surges in popularity growing by 31% over the past month

More than a month has passed since our last research on this topic. We decided to check what has changed; understand the current state of in-browser crypto-mining, and its growth rate and trends.

We have collected new statistics about cryptocurrency mining on websites. This time we did not limit our search to the most popular 100K websites and tried to cover more.

»

Cryptocurrency mining affects over 500 million people. And they have no idea it is happening.

This autumn the news spread that some websites had been making money by mining cryptocurrencies in their users’ browsers. We have been among the first to add protection from this hidden activity. AdGuard users now receive warnings if a website has been trying to mine, and the users are given the option to let it continue or to block the mining script from running.

We decided to research the issue more so that we could understand its scale and impact. On the Alexa list of the top one hundred thousand websites, we looked for the codes for CoinHive and JSEcoin, the most popular solutions for browser mining in use now. »

Go spy, GO! Popular app with 200M+ users crosses the red line

UPDATED on 25.09.2017, details are in the bottom of the article

Have you ever thought that your keyboard could be a professional spy? And we are not talking about jamesbondish handsome spies from Hollywood movies, but about the overt and constant home phoning of the personal information with its future distribution to third parties. Our recent research discovered a popular Android keyboard to spy on its users, with tons of personal information being sent to remote servers and using a prohibited technique to download dangerous executable code. »

Ad blocking is under attack

Well, this is huge, so I'd like to draw your attention to what's happening right now. This is a very alarming case, and it concerns every ad blocker user.

Brief introduction into ad blocking

To understand better what's happened, you should first learn a bit more about ad blocking. Every ad blocker work is based on using so-called filters lists, which are maintained (mostly) by volunteers. That said, whichever ad blocker you use, credits for actual ad blocking belong to the filter lists maintainers. The most popular filters list is called EasyList and this is what this story is about.

Got it, so what happened?

»