Skip to main content

500 Chrome Extensions Secretly Uploaded Private Data From Millions of Users

More than 500 browser extensions downloaded millions of times from Google's Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday. Ars Technica reports: The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions. "In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users," Kaya and Duo Security Jacob Rickerd wrote in a report. "This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users' knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store's fraud detection mechanisms."

The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves. The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections. The researchers say the campaign dates back to at least January 2019, but it's possible that the operators were active "as early as 2017."


from Slashdot: News for nerds, stuff that matters https://ift.tt/2vzDFmc
via IFTTT

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

An AI Epidemiologist Sent the First Warnings of the Wuhan Virus

An anonymous reader shares a report: On January 9, the World Health Organization notified the public of a flu-like outbreak in China: a cluster of pneumonia cases had been reported in Wuhan, possibly from vendors' exposure to live animals at the Huanan Seafood Market. The US Centers for Disease Control and Prevention had gotten the word out a few days earlier, on January 6. But a Canadian health monitoring platform had beaten them both to the punch, sending word of the outbreak to its customers on December 31 . BlueDot uses an AI-driven algorithm that scours foreign-language news reports, animal and plant disease networks, and official proclamations to give its clients advance warning to avoid danger zones like Wuhan. Speed matters during an outbreak, and tight-lipped Chinese officials do not have a good track record of sharing information about diseases, air pollution, or natural disasters. But public health officials at WHO and the CDC have to rely on these very same health of...
Post a Comment
Read more

Dark Mode vs. Light Mode: Which Is Better?

Recently a well-respected UI consulting firm (the Nielsen Norman Group) published their analysis of academic studies on the question of whether Dark Mode or Light Mode was better for reading? Cosima Piepenbrock and her colleagues at the Institut für Experimentelle Psychologie in Düsseldorf, Germany studied two groups of adults with normal (or corrected-to-normal) vision: young adults (18 to 33 years old) and older adults (60 to 85 years old). None of the participants suffered from any eye diseases (e.g., cataract)... Their results showed that light mode won across all dimensions : irrespective of age, the positive contrast polarity was better for both visual-acuity tasks and for proofreading tasks... Another study, published in the journal Human Factors by the same research group, looked at how text size interacts with contrast polarity in a proofreading task. It found that the positive-polarity advantage increased linearly as the font size was decreased: namely, the smaller the fon...
Post a Comment
Read more

New Web Service Can Notify Companies When Their Employees Get Phished

Starting today, companies across the world have a new free web service at their disposal that will automatically send out email notifications if one of their employees gets phished . From a report: The service is named " I Got Phished " and is managed by Abuse.ch, a non-profit organization known for its malware and cyber-crime tracking operations. Just like all other Abuse.ch services, I Got Phished will be free to use. Any company can sign-up via the I Got Phished website. Signing up only takes a few seconds. Subscribing for email notifications is done on a domain name basis, and companies don't have to expose a list of their employee email addresses to a third-party service. Once a company's security staff has subscribed to the service, I Got Phished will check its internal database for email addresses for the company's email domain. This database contains logs from phishing operations, with emails for phished victims. from Slashdot: News for nerds, stuff tha...
Post a Comment
Read more