MOUNTAIN VIEW, CA: Internet giant Google has highlighted deceptive ad injection as "a significant problem" on the web, with major retailers among those unwittingly paying for traffic to their sites.

Ad injectors are programs that insert new ads, or replace existing ones, into pages visited while browsing the web. Google described them as "yet another symptom of 'unwanted software' – programs that are deceptive, difficult to remove, secretly bundled with other downloads, and have other bad qualities".

It said it had already received more complaints about this than anything else during 2015, having previously set out to quantify the extent of the trouble.

A custom-built ad injection "detector" for Google sites helped it identify instances of ad injection "in the wild" over several months in 2014.

It reported that "ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google – tens of millions of users around the globe".

A total of more than 50,000 browser extensions and more than 34,000 software applications could take control of users' browsers and inject ads.

More than of 30% of these packages, it said, were "outright malicious" – stealing account credentials, hijacking search queries, and reporting a user's activity to third parties for tracking.

The software responsible for this activity was distributed by a network of perhaps 1,000 affiliates while 25 businesses – Superfish and Jollywallet were named as the most popular – provided "injection libraries"; more than three quarters of injected ads went through just three ad networks, identified as,, and

Brands and publishers both suffered, said Google, the former unwittingly paying for traffic and the latter not being compensated for these ads.

It added that it had removed 192 deceptive Chrome extensions that affected 14m users with ad injection from the Chrome Web Store while updated AdWords policies had made it more difficult to promote unwanted software.

The latter appeared to be having an effect as the number of 'Safe Browsing' warnings that users receive in Chrome after clicking AdWords ads had dropped by more than 95%.

Data sourced from Google; additional content by Warc staff