12px13px15px17px
Date:17/02/20

Over 500 Chrome extensions secretly uploaded private data

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.
 
The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions.
 
“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” Kaya and Duo Security researcher Jacob Rickerd wrote in a report. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”
 
The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves.
 
The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections.
 





Views: 45

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto






07 April 2020

07/04/20
Apple has sourced over 20 million protective masks, now building and shipping face shields

As it mobilizes its supply chain, employees, and partners to provide personal protective equipment to medical 

07/04/20
Samsung Galaxy Chromebook goes on sale April 6 for $1,000

Google has essentially owned the premium Chromebook market ever since it launched the first Chromebook

06 04 2020

06/04/20
Skype Meet Now lets you video chat without sign-ups or downloads

While some work that has been taken home can often be done solo, employees in more collaborative offices 

06/04/20
MIT develops soft, flexible neural implants that can be 3D printed on demand

The brain is one of our most vulnerable organs, as soft as the softest tofu. Brain implants, on the other hand, 

06/04/20
Apple patent: upcoming iPhones may work normally underwater

According to a recent report, an Apple patent with file number 20200104021 recently hit the web. This patent 

06/04/20
Realme TV could come with 43-inch screen

The Chinese company Realme, a well-known smartphone developer, is gradually mastering new segments of 

06/04/20
Haylou Solar Smart Watch arrives with a round dial and a 30-day battery life

Haylou (pronounced as “Hello”) is one of the first companies under Xiaomi’s ecosystem. Established in 2015

06/04/20
New Google site shows where people in a community are taking social distancing seriously — and where they’re not

Google has launched a new website that uses anonymous location data collected from users of Google products 

06/04/20
"Polyionic" material may make for better braille displays

Blind readers will likely be familiar with refreshable braille displays, in which raised dots electronically rise and fall 

06/04/20
AnTuTu releases list of top 10 best performing flagship phone for March

AnTuTu has finally published their monthly the top 10 best performing flagship phone for the month of March.