Adblockers installed 300,000 times are malicious and should be removed now

Discussion in 'Headline News' started by RickAgresta, Oct 23, 2020.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    21,762
    Likes Received:
    19,139
    Trophy Points:
    288
    If you have Chromium versions of Nano Adblocker or Nano Defender, pay attention.

    Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on Github.

    Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total.


    Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code.

    The first thing Hill noticed the new extension doing was checking if the user had opened the developer console. If it was opened, the extension sent a file titled "report" to a server at https://def.dev-nano.com/. “In simple words, the extension remotely checks whether you are using the extension dev tools—which is what you would do if you wanted to find out what the extension is doing,” he wrote.

    The most obvious change end users noticed was that infected browsers were automatically issuing likes for large numbers of Instagram posts, with no input from users. Cyril Gorlla, an artificial intelligence and machine learning researcher at the University of California in San Diego, told me that his browser liked more than 200 images from an Instagram account that didn’t follow anyone. The screenshot to the right shows some of the photos involved.

    Nano Adblocker and Nano Defender aren’t the only extensions that have been reported to tamper with Instagram accounts. User Agent Switcher, an extension that had more than 100,000 active users until Google removed it earlier this month is reported to have done the same thing.

    Many Nano extension users in this forum reported that their infected browsers were also accessing user accounts that weren’t already open in their browsers. This has led to speculation that the updated extensions are accessing authentication cookies and using them to gain access to the user accounts. Hill said he reviewed some of the added code and found that it was uploading data.

    “Since the added code was able to collect request headers in real-time (through websocket connection I guess), this means sensitive information such as session cookies could be leaked,” he wrote in a message. “I am not a malware expert so I can't come up with *all* that is possible when having real-time access to request headers, but I do get that it's really bad.”

    link to article here:
    https://arstechnica.com/information...ht-stealing-user-data-and-accessing-accounts/
     
    scjjtt likes this.
  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,447
    Likes Received:
    6,038
    Trophy Points:
    113
    No... just... no... I feel as though browser extensions are the new malware. People install them without any understanding of what they're doing. I can't enunciate how much I hate these things... *sigh*
     
    scjjtt and RickAgresta like this.
  3. EdmundDantes

    EdmundDantes Mobile Deity

    Messages:
    2,510
    Likes Received:
    2,588
    Trophy Points:
    288
    It is terrible. I haven't installed a new extension in some time; but I have to say, I've been looking for a new YouTube Downloader and all the options seem a bit sketchy. Either 5-star or 1-star reviews saying they work or don't work at all.
     
    scjjtt likes this.

Share This Page