
500 Chrome Extensions Secretly Uploaded Private Data From Millions of Users (arstechnica.com) 26

More than 500 browser extensions downloaded millions of times from Google's Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday. Ars Technica reports: The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions. "In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users," Kaya and Duo Security's Jacob Rickerd wrote in a report. "This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users' knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store's fraud detection mechanisms."

The extensions were mostly presented as tools that provided various promotion- and advertising-as-a-service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves. The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections.
The researchers say the campaign dates back to at least January 2019, but it's possible that the operators were active "as early as 2017."
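
A detection heuristic built from the behaviour described in the summary above, added here as an example and not taken from the article or the researchers' report: it flags clients whose installed extension carries an advertising-style name and whose proxy traffic includes a host label equal to that extension's brand name. The inventory, log lines, host names (under the reserved `.example` TLD) and function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Marketing words that appear in the extension names listed on this page
# (including the "Advertisment" misspelling); stripping them leaves the brand.
AD_WORDS = {"ad", "ads", "advertising", "advertisement", "advertisements",
            "advertisment", "offers", "promos", "promotions", "marketing", "by"}

def brand_token(extension_name):
    """Return the lowercase brand part of an ad-style extension name.

    Returns None when the name contains no marketing word, so ordinary
    extensions that talk to their own vendor domain are not flagged.
    """
    words = re.findall(r"[A-Za-z0-9]+", extension_name)
    brand = [w for w in words if w.lower() not in AD_WORDS]
    if not brand or len(brand) == len(words):
        return None
    return "".join(brand).lower()

def flag_name_matched_beacons(inventory, proxy_log):
    """Return (client, extension, url) for each request whose host has a DNS
    label equal to the brand token of an extension installed on that client."""
    hits = []
    for client, url in proxy_log:
        labels = (urlsplit(url).hostname or "").lower().split(".")
        for ext in inventory.get(client, []):
            token = brand_token(ext)
            if token and token in labels:
                hits.append((client, ext, url))
    return hits

# Constructed sample data: extension inventory per workstation and proxy log.
SAMPLE_INVENTORY = {
    "ws-014": ["MapsTrek Promos", "Grammar Helper"],
    "ws-022": ["Advertisements by ArcadeYum"],
}
SAMPLE_PROXY_LOG = [
    ("ws-014", "https://mapstrek.example/status"),
    ("ws-014", "https://grammarhelper.example/api"),
    ("ws-022", "https://cdn.arcadeyum.example/cfg"),
    ("ws-022", "https://mapstrek.example/status"),
]

if __name__ == "__main__":
    for hit in flag_name_matched_beacons(SAMPLE_INVENTORY, SAMPLE_PROXY_LOG):
        print(hit)
```

A hit is only a lead for review: confirm it against the extension ID and the published indicator list before removing anything.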
  • From the ars article (Score:5, Informative)

    by bobstreo ( 1320787 ) on Thursday February 13, 2020 @09:44PM (#59726536)

    PackageTrak Promos
    ProMediaConverter Promotions
    EasyToolOnline Promos
    CrushArcade Ads
    GreatArcadeHits Ads
    ArcadeFrontier Ads
    MapsFrontier Advertising
    SuperSimpleTools Promos
    Advertisements by ArcadeYum
    PackTrackPlus Promos
    EasyToolOnline Promos
    PlayPopGames Ads
    QuickNewsPlus Promos
    GameZooks Advertisements
    PackTrackPlus Promotions
    PackTrackPlus Promotions
    MapsFrontier Advertisement Offers
    ExpressDirections Promos
    MapsTrek Promos
    ClassifiedsNearMe Promos
    MapsTrek Promos
    ClassifiedsNearMe Promos
    ExpressDirections Promos
    MapsTrek Offers
    MapsVoyage Promotions
    FreeWeatherApp Promotions
    EarthViewDirections Promotions
    MapsFrontier Advertisements
    ArcadeCookie Offers
    RecipeAlly Promos
    MapsTrek Promotions
    Offers by MapsFrontier
    GamesChill Ads
    PackTrackPlus Promotions
    MapsVoyage Ads
    Advertising by MapsFrontier
    PlayZiz Advertisements
    Advertising Offers by MapsVoyage
    MapsFrontier Advertising Offers
    FreeWeatherApp Promos
    FreeWeatherApp Advertisement Offers
    ExpressDirections Ads
    YoYoQuiz Promotions
    MapsVoyage Advertising
    MapsPilot Ad Offers
    GoFreeRadio Promos
    Advertising Offers by FreeWeatherApp
    Advertisement Offers by QuizKicks
    Ads by MapsVoyage
    JumboQuiz Advertising
    MapsScout Advertising Offers
    DeluxeQuiz Advertising
    SuperSimpleTools Promos
    Advertising by MapsPilot
    Advertisements by MapsScout
    PackageTrak Promos
    Ad offers by Froovr
    PackageTrak Promos
    GameDaddio Marketing
    DearQuiz Advertising
    Offers by MapsScout
    YoYoQuiz Advertisements
    Advertisment Offers by GameDaddio
    QuizFlavor Advertising
    Advertisements by QuizDiamond
    QuizPremium Advertisements
    CouponRockstar Offers
    MapsFrontier Promos
    Advertising Offers by MapsPilot
    PlayThunder Offers
    LoveTestPro Ad Offers

  • I would not trust anything by default with a name like "Arcade Yum". The name alone suggests crap 'games' aimed at the type of morons who dress in really scanty clothes and catfight in the check out line at Walmart (calling each other "bitch" and "whore", naturally) while people are gathered around, cellphones out, and recording the mayhem to upload to the 'net. These morons wouldn't know or even care that their device got owned by a botnet as long as they can still upload their selfies with the stupid cat

  • Adblock Plus. The rest are scams or a waste of space.
  • is going to ad.
    The "free" browser is a gateway browser to more ads...
  • I'm just glad that Firefox dropped XUL support in FF57 in favour of webextensions, because they're so much more secure. So what if I had to either switch to waterfox or lose crucial functionality? At least this kind of thing is now impossible.

    Chrome should totally move to webextensions like FF did. It would totally prevent this from happ...uh...wait a minute...

    • Chrome did a much better implementation of WebExtensions than Firefox. Even if an extension requires ALL_URL permissions, the user can still configure it to work with a subset of whitelisted domains. They can also configure it to work only after the user has interacted with the webpage.
    • Says the guy who installs random software on his PC and phone.

      Oh, you don't?

      Then why do you assume it is any different for browser extensions?

      Yeah, the idiot who installs random crap extensions already has an OS filled with random crap applications. Won't change a thing.

      All WebExtensions did, was cripple the effort to "take back the web". In the most condescending, belittling asshole nanny manner.

      Also, why do you oppose natural selection anyway?

      I say more power to anyone ripping off people that are literally

      • by rtb61 ( 674572 )

        At which point should Google be liable for distributing this stuff? Fail once, fail ten times, fail hundreds of times, fail thousands of times, all a big meh for them, it's in beta, use at your own risk. Eventually they are going to have to be held criminally liable for failing to properly vet the stuff they distribute. This clown show, where no major for-profit distributor takes any liability for the stuff they distribute, has to end. Think back just 25 years, no shop would get away with selling hundreds of

  • I mean for its users.

    Not the usees in front of it.

    Doesn't look like any of them has a problem with it.

    Or is it a "no other gods beside me" thing?

  • ... there actually are people out there who install advertising extensions? Who in their right minds goes "Oh, gee-whiz, that Internet sure is swell, but I wish it had more ads! Luckily there's an extension for that!"
  • Isn't it already bad enough that it comes from the "slurper in chief" aka Google but this sheer amount of bad extensions really does show just how bad the Chrome ecosystem is.
    I'd only install this POS on a system that was:-
    1) Only used for stuff I didn't care about and where I'm not worried about slurping. So no /. then.
    2) Was never on the same network as any other of my devices
    3) AND Google paid me $10K per year for all that lovely data that I'm sending them.

    As they won't cough up the moolah, Google can g

  • Hi! I don't use many different extensions but such information will be useful for me in future. Now I use only VPN every day because I play low wagering casinos uk [gbcasinos.co.uk], I'm a big fan of gambling and these sites are really cool!
