Your browser extensions may be secretly hiding a botnet
Services approach developers with an offer that pays a lot more than simple adverts
One of the world's leading cybersecurity experts has revealed how a company that was paying to include its code in browser extensions was actually doing so in order to mask the real IP address of its own customers, who might be using the service for nefarious purposes.
Brian Krebs, together with developer of the ModHeader browser extension, Hao Nguyen, has shared details about Infatica’s program, which is just one of several that pay developers to include their code within the browser extensions.
“For its part, Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users,” shares Krebs.
- Here's the best VPN services around today
- We've built a list of the best security keys on the market
- Check out our list of the best password recovery services right now
Too good to refuse
Infatica is a proxy service provider that retails rotating backconnect residential proxies. It was one of the several companies that approached Nguyen to include its code in his extension.
After failing to monetize his extension for several years, Nguyen finally relented as the Infatica offer would have made him at least $1500 a month. Plus, Infatica’s code was fairly straightforward and limited itself to just routing web requests through the browsers of Nguyen’s users.
“The end result is when Infatica customers browse to a web site, that site thinks the traffic is coming from the Internet address tied to the extension user, not the customer’s,” explains Krebs.
While Nguyen was quick to sign out of the program, after his users complained, Krebs research revealed that at least three dozen extensions are using Infatica’s code. Many of these have over 100,000 users, reveals Krebs, including Video Downloader Plus, which is one of the most popular Chrome extensions for downloading media from several websites.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Krebs’ research once again highlights the unscrupulous use of extensions by shady services that prey on the economic vulnerabilities of extension developers. He echoes our suggestion to users to only use the bare essential third-party extensions, and be vary of any that suddenly ask for more permissions than previous versions.
- These are the best anonymous browsers around today
Via: KrebsOnSecurity
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.