Malicious Chrome Extension Performs Hidden Affiliate Hijacking
Blog post from Socket
Socket's Threat Research Team discovered a deceptive Chrome extension, Amazon Ads Blocker, which markets itself as an ad-blocker for Amazon sponsored content but primarily functions to hijack affiliate links. By injecting the developer's affiliate tag, "10xprofit-20," into Amazon product links, the extension overrides existing affiliate tags from content creators, depriving them of commissions.
The extension's Chrome Web Store disclosure misleadingly describes it as a tool that provides discounts or deals, although it provides neither, which violates Google's policy requiring user benefit and accurate disclosure. This practice mirrors the affiliate hijacking tactics seen in the PayPal Honey incident, which prompted Google to update its policies in June 2025. Although the extension does provide the advertised ad-blocking feature, it also modifies links automatically and without user consent, combining unrelated functionalities in violation of the Single Purpose policy.
Such deceptive practices raise concerns about similar patterns in other extensions and underline the need for accurate disclosures and adherence to the policy requirements for using affiliate links. Users are advised to uninstall the extension and verify the legitimacy of their installed extensions, while security teams are encouraged to report discrepancies to the Chrome Web Store and monitor for policy violations.
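
As an added example (not from Socket's post and not the extension's code), one way a security team could check an extension for the tag rewriting described above: snapshot a page's link targets without and with the extension loaded, then diff the Amazon `tag` parameter. The sample URLs, the `creator-20` tag and the function names are constructed for illustration; only "10xprofit-20" comes from the report.

```javascript
// Matches amazon.com, www.amazon.co.uk, amazon.com.au; rejects amazon.com.evil.example
const AMAZON_HOST = /(^|\.)amazon\.[a-z]{2,3}(\.[a-z]{2})?$/i;

// Affiliate `tag` of an Amazon URL: string, null if absent, undefined if not an Amazon link.
function affiliateTag(href) {
  let url;
  try { url = new URL(href); } catch { return undefined; } // unparseable href
  if (!AMAZON_HOST.test(url.hostname)) return undefined;
  return url.searchParams.get("tag");
}

// before/after: hrefs of the same anchors, in the same DOM order,
// captured in a clean profile and in a profile with the extension enabled.
function auditAffiliateTags(before, after) {
  const findings = [];
  const n = Math.min(before.length, after.length);
  for (let i = 0; i < n; i++) {
    const orig = affiliateTag(before[i]);
    const seen = affiliateTag(after[i]);
    if (seen === undefined || seen === null || seen === orig) continue;
    findings.push({
      index: i,
      kind: orig ? "replaced" : "injected", // replaced = a creator's tag was overwritten
      originalTag: orig ?? null,
      observedTag: seen,
    });
  }
  return findings;
}

// One tag dominating the rewrites points at a single beneficiary.
function rewriteTagCounts(findings) {
  const counts = new Map();
  for (const f of findings) counts.set(f.observedTag, (counts.get(f.observedTag) || 0) + 1);
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

// Constructed sample snapshots (not captured traffic).
const sampleBefore = [
  "https://www.amazon.com/dp/B000000001?tag=creator-20",
  "https://www.amazon.com/dp/B000000002",
  "https://example.com/page?tag=creator-20",
  "https://www.amazon.co.uk/dp/B000000003?tag=creator-20&th=1",
];
const sampleAfter = [
  "https://www.amazon.com/dp/B000000001?tag=10xprofit-20",
  "https://www.amazon.com/dp/B000000002?tag=10xprofit-20",
  "https://example.com/page?tag=creator-20",
  "https://www.amazon.co.uk/dp/B000000003?tag=creator-20&th=1",
];
console.log(auditAffiliateTags(sampleBefore, sampleAfter));
```

A "replaced" finding is the case that costs a content creator a commission; "injected" findings show the extension adding its tag where none existed.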