Date:17/02/20
The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions.
“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” Kaya and Duo Security researcher Jacob Rickerd wrote in a report. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”
The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves.
The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections.
Over 500 Chrome extensions secretly uploaded private data
More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions.
“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” Kaya and Duo Security researcher Jacob Rickerd wrote in a report. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”
The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves.
The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections.
Views: 500
©ictnews.az. All rights reserved.Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate