Google has again been reprimanded for not spotting fake extensions impersonating popular brands in its Chrome Web Store.

The victims this time were AdBlock by AdBlock Inc (easily confused with legitimate extension AdBlock by getadblock) and uBlock by Charlie Lee (similar-sounding to uBlock.org’s uBlock or Raymond Hill’s uBlock Origin).

The impersonation was made public in a blog by rival adblocker maker, AdGuard, whose Andrey Meshkov decided to take a closer look at the fake software’s behaviour.

The short and surprising answer – they block ads – perhaps not a huge ask given that both appear to have been based on the same code as the original AdBlock.

However, according to Meshkov, 55 hours after installation, they start doing something called ‘cookie stuffing’, a common ad fraud technique.

Cookie stuffing

Normally, an eCommerce website will check cookies to work out how that user arrived at their site, paying a fee to the affiliate responsible when a purchase is made.

It’s a hidden cornerstone of the internet economy which criminals subvert by ‘dropping’ floods of cookies on to a computer to make it appear the user clicked on an affiliate ad when they didn’t.

Because only a small number of users will make a purchase from a site, the fraudsters need to sneak their cookie stuffing programs on to as many computers as possible. Writes Meshkov:

These two add-ons have more than 1.6 Million ‘weekly active users’, who were stuffed with cookies of over 300 websites from Alexa Top 10,000. It is difficult to estimate the damage, but I’d say that we are talking about millions of USD monthly.

Unchecked, it’s easy to see how this sort of scam could cost large brands a lot of money which explains why a handful of people accused of this scam in the US have ended up in jail.