Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Google Chrome extensions sold and adware/tracking behavior added without notice

November 8th 2016 in safety and privacy on the Internet

This morning I have read about four extensions, all of which have now been removed from the Chrome Store and which should have been automatically disabled if installed to Chrome: “Live HTTP Headers”, “Tab Manager”, “Appspector” and “Give Me CRX”.

The common thread is that the extensions started injecting code into web pages, pointing to “s3.eu-central-1.amazonaws.com/forton/*****.js”. The goal seems to have been to inject advertising into the web pages visited.

This is not the first time Chrome extensions have been sold and new advertising / tracking behavior added by the new owner without warning. Yes, the Chrome extensions prompted for updated permission to run when the behavior was changed, but it is not clear to the average user what the implications of those new permissions are. For example, a prompt that says an application will “read and change all your data on the websites you visit” or “access your data on all websites” does not make it clear that it is also going to transmit that data to somewhere else, or inject advertising.

The new owners were seemingly able to update those apps, and get them installed onto users' computers, without Google identifying and stopping the new behaviors in time – new behaviors that were apparently judged bad enough for the apps to be removed from the Chrome Web Store.
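A way to check an unpacked extension for both points above, as an added example that is not part of the original post: it lists the all-sites match patterns in the manifest (the kind of access behind the “read and change all your data on the websites you visit” prompt) and finds script files that reference the injected-script prefix quoted earlier. The function names, the sample extension and the `PLACEHOLDER.js` file name are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Indicator from the post; the file name is masked there, so only the prefix is matched.
INJECTED_SCRIPT_PREFIX = "s3.eu-central-1.amazonaws.com/forton/"
# Match patterns that grant an extension access to every site the user visits.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest):
    """Return the all-sites match patterns requested anywhere in a manifest dict."""
    requested = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested += manifest.get(key, [])
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    return sorted({p for p in requested if isinstance(p, str) and p in BROAD_PATTERNS})

def files_with_indicator(ext_dir):
    """Return relative paths of .js files that reference the injected-script prefix."""
    hits = []
    for path in sorted(Path(ext_dir).rglob("*.js")):
        if INJECTED_SCRIPT_PREFIX in path.read_text(encoding="utf-8", errors="ignore"):
            hits.append(path.relative_to(ext_dir).as_posix())
    return hits

def audit_extension(ext_dir):
    """Summarise one unpacked extension directory (the one holding manifest.json)."""
    text = (Path(ext_dir) / "manifest.json").read_text(encoding="utf-8-sig")
    manifest = json.loads(text)
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "broad_host_access": broad_host_access(manifest),
            "indicator_files": files_with_indicator(ext_dir)}

def build_sample(root):
    """Write a constructed extension (not a real one) so the audit runs offline."""
    ext = Path(root) / "sample_ext"
    (ext / "js").mkdir(parents=True)
    manifest = {"name": "Constructed Sample", "version": "1.2.3", "manifest_version": 2,
                "permissions": ["tabs", "http://*/*", "https://*/*"],
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["js/content.js"]}]}
    (ext / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (ext / "js" / "content.js").write_text(
        f'var src = "https://{INJECTED_SCRIPT_PREFIX}PLACEHOLDER.js";\n', encoding="utf-8")
    (ext / "js" / "popup.js").write_text("console.log('popup');\n", encoding="utf-8")
    return ext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit_extension(build_sample(tmp)), indent=2))
```

Comparing the `version` and `broad_host_access` fields of successive versions of the same extension shows when an update widened its access.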
