“What’s even more important, the Chrome Web Store is an awesome distribution channel for them.” “Extensions are really easy to create, they just copy an existing popular open source extension, change the code a little, add their malicious stuff on top of it, and here we go, the malware is ready,” Meshkov added. Perhaps unsurprisingly, one prime motivating factor is the desire to secretly siphon sensitive user data, including their browsing history, as well as to embroil users in ad-fraud schemes. Speaking to The Daily Swig, Meshkov said there are numerous reasons why a malicious actor might want to develop a fraudulent web extension. However, said Meshkov, the extension also contains little information about the developer, and its privacy policy is hosted on Google Docs rather than a website, leading Meshkov to question its legitimacy. “Of course, all this does not prove that this extension is malicious,” the developer wrote. “It loads Google Tag Manager (which allows remote execution of arbitrary scripts) and immediately uses it to load additional scripts: analytics and a script that handles uninstall.” In a separate test, the developer of AdGuard, Andrey Meshkov, found that while his ad-blocker still came out on top in a search query for ‘Adguard’, a potentially suspicious extension followed closely behind. After taking a further look at the plugin, Meshkov warned that ‘Adresist adblocker’ could contain malicious code. “Seven years of never breaching user trust counts for nothing in the Chrome Web Store, sleazy extensions which are unrelated to the searched terms are listed first,” he said. Hill also noted that this issue is not present in the web stores for Firefox or Safari.
Hill added: “No ‘ublock’ used anywhere in the description of these extensions, it’s a mystery as to why they are reported as top matches while uBO is not.” “Even when narrowing to ‘Extensions’, uBO is listed fourth, after those sleazy extensions (which incidentally are all based on Adblock Plus’ code – with copyright and license notices removed).” Weighing in on the tweet, Raymond Hill, the developer of uBlock Origin, said: “I’m aware of this.” Screenshots posted on Twitter this week show that a search result for ‘uBlock Origin’ – a web extension which has more than 10,000 users on Chrome alone – appears below multiple add-ons, some of which, it has been claimed, appear malicious. A test on the Chrome Web Store performed by The Daily Swig confirmed that in a search query for ‘uBlock Origin’, the plugin appears third – below rival applications ‘NBlocker’ and ‘Adtrooper adblocker’. This is according to the developers of two popular ad-blocking extensions available on the site. Suspicious browser extensions are relying on manipulating search results on the Google Chrome Web Store to rank higher than their legitimate counterparts. “This works on the DNS level and has blacklists of adverts as well as malicious URLs.” Privacy add-ons uBlock Origin and AdGuard are among the affected apps. “This is perhaps why it's seen an increase in user numbers.” Another option is using something like Pi-Hole, says Wright. “We’re actively working with the developer community to get feedback and iterate on the design of a privacy-preserving content filtering system that limits the amount of sensitive browser data shared with third parties.” For now, Wright thinks people should use Brave instead: “Brave is built upon Chromium so all existing Chrome plugins and even themes work on it.” Google sent me a statement by email, which reads: “Chrome supports the use and development of ad blockers.”
It's important to note that the changes won't stop all ad blockers from working, but exactly who is affected isn't totally clear. However, Firefox has had its own issues over recent weeks. There are many users who won’t use Chrome without an ad blocker, so it will see some switch to other providers such as Firefox. “Google relies on the revenue of advertising, so one can see why they would make such a move.” “We are starting to see Google's conflict of interest arising,” Sean Wright, an independent security consultant, told me. It’s annoying, to say the least, but the reason for these changes is obvious: Ads are at the heart of Google’s business model.