Technical overview

Ad injectors were most commonly implemented as browser extensions, which were easy to develop, maintain and distribute. After Google started to ban ad-injecting extensions, implementation shifted towards applications that used questionable techniques, ranging from changing DNS and/or proxy settings in order to modify ad traffic to injecting a DLL into the browser in order to achieve man-in-the-browser (MitB) and modify ads. These apps were horrible for security: they routed traffic through untrusted servers, compromised the integrity of the browser process and installed bogus certificates. One famous case is the Lenovo/Superfish scandal, where Lenovo sold laptops with the Superfish adware and its self-signed certificate pre-installed.

Ad inventory characteristics

The interesting thing about all the ad inventory supply that was created by ad injectors is that it was never marked as invalid traffic. Remember, the ads were injected into real browsers used by real humans on legitimate websites. Today, injected inventory is considered “domain spoofing” at best, if the ad injector injects into an ads.txt-enabled website and does not sell the inventory through an authorized “reseller”.
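
The ads.txt check mentioned above can be sketched as follows. This is an added example, not code from the original article; the domains, account IDs and the `classify` / `parse_ads_txt` helper names are constructed for illustration.

```python
# Added example: ads.txt seller check. All domains and IDs are constructed.
from typing import NamedTuple

class Seller(NamedTuple):
    ad_system: str     # domain of the exchange/SSP (compared case-insensitively)
    account_id: str    # publisher's account ID inside that ad system
    relationship: str  # DIRECT or RESELLER

def parse_ads_txt(text):
    """Return the set of Seller records; skip comments, variables, bad lines."""
    sellers = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:                   # blank, variable (contact=...) or malformed
            continue
        relationship = fields[2].split(";", 1)[0].strip().upper()
        if relationship in ("DIRECT", "RESELLER") and fields[0] and fields[1]:
            sellers.add(Seller(fields[0].lower(), fields[1], relationship))
    return sellers

def classify(bid, ads_txt_by_domain):
    """Label a bid: the listed relationship, 'unauthorized', or 'no-ads-txt'."""
    text = ads_txt_by_domain.get(bid["site_domain"].lower())
    if text is None:
        return "no-ads-txt"                   # publisher has not adopted ads.txt
    for s in parse_ads_txt(text):
        if s.ad_system == bid["ad_system"].lower() and s.account_id == bid["seller_id"]:
            return s.relationship             # seller is listed by the publisher
    return "unauthorized"                     # domain-spoofing signal

# Constructed ads.txt content, keyed by publisher domain.
SAMPLE_ADS_TXT = {
    "news.example": """\
# ads.txt for news.example
contact=adops@news.example
Exchange-A.example, pub-1001, DIRECT, abc123
exchange-b.example, 77421, reseller   # resale partner
exchange-b.example, broken-line
"""
}

# Constructed bid requests; the third one stands in for injected inventory.
SAMPLE_BIDS = [
    {"site_domain": "news.example", "ad_system": "exchange-a.example", "seller_id": "pub-1001"},
    {"site_domain": "news.example", "ad_system": "exchange-b.example", "seller_id": "77421"},
    {"site_domain": "news.example", "ad_system": "exchange-c.example", "seller_id": "inj-9"},
    {"site_domain": "blog.example", "ad_system": "exchange-c.example", "seller_id": "inj-9"},
]

if __name__ == "__main__":
    for bid in SAMPLE_BIDS:
        print(bid["ad_system"], bid["seller_id"], "->", classify(bid, SAMPLE_ADS_TXT))
```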

Ad injections today

Ad injection is probably not as big as it used to be, but it still exists as a dark corner of the software and advertising industries. There’s even a startup called “Namogoo” that sells publishers a solution to prevent ad injections. Former companies in this space such as eDakan and Cabara are now defunct.