Google Study Exposes “Tangled Web” Of Companies Profiting From Ad Injection

Ad injector network makes victims of millions of users and more than 3,000 advertisers, including major brands, study finds.

Chat with MarTechBot
browser infected with ad injectors example

Example of a browser infected with ad injectors.

More than 3,000 advertisers, including major brands such as Sears, Walmart, Target and Ebay have been victims of ad injection software according to a new study from Google and the University of California, Berkeley and Santa Barbara.

Ad injectors, the nuisance and sometimes malicious programs insert unwanted ads into web pages, have long plagued the industry, costing publishers ad revenue and leading advertisers to pay for traffic from ads they didn’t intend to buy.

The study aims to shed light on the network of companies that profit from these ads and raise awareness about the ubiquity of the problem — Google says it has received more than 100,000 complaints from users about ad injectors in Chrome since the beginning of 2015 alone — in hopes the industry can come up with ways to fight back.

Here’s how it works:

The ad injectors comes in the form of browser extensions and software applications that infect a user’s browser. Google found more than 50,000 browser extensions and 34,000 software applications that had hijacked user’s browsers to inject ads. In nearly 30 percent cases, the software bundles were “outright malicious”, not only injecting ads but stealing account credentials, hijacking users’ search queries and reporting user activity to third parties for tracking purposes.

Google found the ad injector software being distributed onto users computers by 1,000 affiliate businesses, including known adware browser extensions, Crossrider, Shopper Pro and Netcrawl. These companies aim to spread as many ad injector software downloads as possible in a number of ways, including bundling their applications with popular downloads (who hasn’t fallen victim to the pre-checked box for an add-on during a software download?), blatant malware distribution and extensive social media campaigns. They then collect affiliate fees when users click on injected ads.

The ad injectors get the ads from about 25 ad injection library companies such as Superfish and Jollywallet, which in turn source and target ads from relationships with a handful of ad networks and shopping programs. It’s these libraries that pass on a fraction of the profits to the affiliates.

Google found that 77 percent of all injected ads originated from just one of these three ad networks:, and

The reach of this network of operators is enormous. Using a custom built ad injection detector on Google sites over several months in 2014, the research team found that 5.5 percent of unique IP addresses — representing millions of users — accessed Google sites that had some form of injected ads.

And, Macs are not immune. The study shows that 3.4 percent of page views on Macs and 5.1 percent on Windows machines showed clear signs of ad injection software.

Google says it has taken 192 deceptive Chrome browser extensions that had affected 14 million users with ad injection out of the Chrome Web Store and added new user protections to the store and beefed up policies in AdWords and AdX to help keep ad injectors out of its advertising platforms among other efforts.

The researchers will present the full report later this month at the IEEE Symposium on Security & Privacy.

Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.

About the author

Ginny Marvin
Ginny Marvin was formerly Third Door Media’s Editor-in-Chief, running the day-to-day editorial operations across all publications and overseeing paid media coverage. Ginny Marvin wrote about paid digital advertising and analytics news and trends for Search Engine Land, Marketing Land and MarTech Today. With more than 15 years of marketing experience, Ginny has held both in-house and agency management positions. She can be found on Twitter as @ginnymarvin.

Get the must-read newsletter for marketers.