Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Chrome Extension Caught Hijacking Users' Browsers
#1
[Image: chrome-extension-caught-hijacking-users-...2557-4.jpg]

Google removes Chrome extension that hijacked Web browsers

Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads.

First signs that something was wrong appeared when users updated from version 3.9.7 to 3.9.8 after they were prompted for an extra permission to "Read and change all your data on the websites you visit."

Soon after that, users started reporting that when they clicked on an HTTP link inside a page, they would be redirected through the lnkr.us service to their desired destination, which in 50% of all cases would also open an extra page showing various types of ads. This allowed the author to monetize his extension, but also to collect analytics on users, which he could later sell to online advertisers.

Author sold Better History to another company two months ago

Users reported this happening since March 23, 2016. Confronted by angry users on the extension's GitHub repo, the extension's original author revealed that he sold the extension to an unnamed company two months ago, since version 3.9.5.

Better History, in its original version, was a Chrome extension that added extra filters to the user's Chrome History section to make it easier to view and find pages accessed in the past (screenshot below).

As it was later discovered, the extension's new owners stopped adding changes to the extension's GitHub repository, making it look to everyone like the extension never changed, but they secretly added malicious code ever since they bought the add-on.

One of the things they introduced was a new script called "common.js," which installs a proxy extension on the user's browser, used to redirect Chrome traffic.

Malicious code might be present in other extensions

Reddit user Scarazer says that this malicious code can also be found in other Google Chrome extensions such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker.

Soon after the revelations about Better History came out, users bound together and reported the extension as malware to Google's staff, who eventually removed it from their store.

From the other extensions suspected of malicious behavior, at the time of writing, only the User-Agent Switcher extension has been taken down.

Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Baidu's Android Apps Caught Collecting and Leaking Sensitive User Data mrtrout 0 1,193 11-25-2020 , 10:08 AM
Last Post: mrtrout
  Linkury adware caught distributing full-blown malware dhruv2193 0 1,055 10-01-2020 , 11:44 AM
Last Post: dhruv2193
  Billions of Users Affected with Google Chrome Zero-Day mrtrout 0 1,075 08-15-2020 , 11:00 PM
Last Post: mrtrout
  Best web browsers for security and privacy in 2020 Mohammad.Poorya 0 1,686 05-09-2020 , 04:37 AM
Last Post: Mohammad.Poorya
  Google Issues Warning For 2 Billion Chrome Users sidemoon 1 1,882 04-19-2020 , 01:42 PM
Last Post: Mike



Users browsing this thread: 2 Guest(s)