Technical overview
Ad injectors were most commonly implemented as browser extensions, which were easy to develop, maintain and distribute. After Google has been stopped adding extensions, implementation shifted towards applications who used questionable techniques, from changing DNS and / or proxy settings in order to modify Ads traffic, or adding DLL into the browser in order to achieve MiTB and modifying Ads. These applications were horrible for security, as they routed traffic through untrusted servers, compromising the integrity of the browser process and installing bogus certificates. The most famous case is the Lenovo / Super fish scandal, where Lenovo sold laptops with the Super fish adware and its self-signed certificated pre-installed.
Ad inventory characteristics
The interesting thing about all the ad inventory supply that was created by ad injectors, that it was never marked as invalid traffic. Remember, the ads were injected into a real browsers used by real humans on legitimate websites. Today, injected inventory is considered “domain spoofing” at best, if the ad injector injected into and Ad.txt enables website and do not sell the inventory through an authorized “reseller”.
Ad injections today
Probably not big as it should be, but it’s still existing as a dark corner of the software and advertising industries. There’s even a startup called “Namogoo” that provides solution to prevent ad injections to publishers. Former companies such as eDakan and Cabara are not working anymore. The only existing of such company so far belongs to ClarityRay which was acquired by Yahoo! in 2014.
