500 Chrome extensions secretly uploaded private data from millions of users

Found on Ars Technica on Friday, 14 February 2020

The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations.

“This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”

The discovery of more malicious and fraudulent browser extensions is a reminder that people should be cautious when installing these tools and use them only when they provide true benefit.

People should have learned by now not to install random things they find online; plugins can be just as bad as everything else.

Browse all articles« Previous « » Next »