Nearly a million browsers affected by more malicious browser extensions - here's what we know
techradar.com
- Researchers find 245 extensions installed on nearly a million devices
- The extensions could turn devices into web scraping bots for a commercial service
- Researchers warned about major security implications
A new investigation has revealed 245 browser extensions, installed on almost a million devices, have been leading a double life, as besides the operations they were designed for, they were also silently disabling key security protections in the browsers to enable paid web scraping operations.
This is according to security researcher John Tuckner from Security Annex, who found numerous extensions doing different things, from managing bookmarks, to boosting speaker volume. All of them embed a JavaScript library called MellowTel-js, which connects to an external AWS server and collects data about the user’s location, bandwidth, and browser status.
It also injects hidden iframes into the web pages users are visiting, and then loads other websites, chosen ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE