At the time, the two plugins were named PageRage and BuzzDock, today it's Easy YouTube Video Downloader and Best Video Downloader which, according to the researchers from UK-based Spider.io, are part of a software browser tool suite provided by two subsidiaries of Sambreel.
"When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages," the researchers noted. "These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union."
The company obviously earns by offering such ad placement to ad exchanges or directly to companies looking for more exposure, but the problem is that anyone can buy ad space from Sambreel, and it just so happens that malware peddlers also do.
In one example, the injected ad sports a fake alert saying that the user should do well to update their Java, but clicking on the "OK" button will take them to a third-party disreputable site.
"This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these," the researchers explained. So, not only does the company hurt legitimate advertisers, but random users as well.
According to BBC News, one of the Sambreel subsidiaries stated that the offending browser plugins have been discontinued, but that seems to have happened only after the researchers made the company's actions public.
A Google spokeswoman said that the company is aware of "bad actors" such as this one and has banned all of them from using Google's monetization and marketing tools.
According to Spider.io, some 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this, and they have surely pulled in some serious money.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.