500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

February 14, 2020


Google removed 500 malicious Chrome extensions from its Web Store after they were found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.

These extensions were part of a malvertising and ad-fraud campaign that has been operating since at least January 2019, although evidence suggests the actor behind the scheme may have been active since 2017.

The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.

Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated.

“The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,” said Kaya and Duo Security’s Jacob Rickerd in the report.

A Well-Concealed Malvertising Campaign

Using Duo Security’s Chrome extension security assessment tool — called CRXcavator — the researchers were able to ascertain that the browser plugins operated by surreptitiously connecting the browser clients to an attacker-controlled command-and-control (C2) server that made it possible to exfiltrate private browsing data without the users’ knowledge.

The extensions, which functioned under the guise of promotions and advertising services, had near-identical source code but differed in the names of the functions, thereby evading Chrome Web Store detection mechanisms.
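Why renamed functions defeat exact-match comparison, and how a name-insensitive fingerprint still groups such copies, shown as an added example (not code from the report, CRXcavator or Google). The JavaScript snippets are constructed and the `fingerprint` and `cluster` helpers are hypothetical; comments and template literals are not handled.

```python
import hashlib
import re

# Constructed samples: A and B share logic but differ in names and strings.
SAMPLES = {
    "ext_a.js": 'function checkIn(host) { return fetch("https://" + host + "/status")'
                ".then(function (resp) { return resp.json(); }); }",
    "ext_b.js": 'function qx7(a) { return fetch("http://" + a + "/ping")'
                ".then(function (b) { return b.json(); }); }",
    "other.js": "function add(x, y) { return x + y; }",
}

KEYWORDS = {"function", "return", "var", "let", "const", "if", "else", "for",
            "while", "new", "this", "true", "false", "null", "typeof"}
# String literals first, so names inside strings are not treated as identifiers.
TOKEN = re.compile(r"""'[^']*'|"[^"]*"|[A-Za-z_$][\w$]*|\d+|[^\s\w]""")


def fingerprint(source):
    """Hash the token stream with identifiers renamed by order of first use."""
    names, out = {}, []
    for tok in TOKEN.findall(source):
        if tok[0] in "'\"":
            out.append("STR")  # domains and paths vary per copy
        elif (tok[0].isalpha() or tok[0] in "_$") and tok not in KEYWORDS:
            out.append(names.setdefault(tok, "id%d" % len(names)))
        else:
            out.append(tok)  # keywords, numbers, punctuation
    return hashlib.sha256(" ".join(out).encode()).hexdigest()


def cluster(samples):
    """Group file names whose normalized fingerprints match, largest group first."""
    groups = {}
    for name, source in samples.items():
        groups.setdefault(fingerprint(source), []).append(name)
    return sorted(groups.values(), key=len, reverse=True)


def raw_hashes_differ(samples):
    """True when every file has a distinct SHA-256, i.e. exact matching finds nothing."""
    digests = {hashlib.sha256(s.encode()).hexdigest() for s in samples.values()}
    return len(digests) == len(samples)


if __name__ == "__main__":
    print("exact hashes all differ:", raw_hashes_differ(SAMPLES))
    for group in cluster(SAMPLES):
        print(group)
```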


In addition to requesting extensive permissions that granted the plugins access to the clipboard and all the cookies stored locally in the browser, they periodically connected to a domain that shared the same name as the plugin (e.g., Mapstrek[.]com, ArcadeYum[.]com) to check for instructions on getting themselves uninstalled from the browser.

Upon making initial contact with the site, the plugins subsequently established contact with a hard-coded C2 domain — e.g., DTSINCE[.]com — to await further commands, obtain the locations to upload user data, and receive updated lists of malicious ads and redirect domains, which subsequently redirected users’ browsing sessions to a mix of legitimate and phishing sites.

“A large portion of these are benign ad streams, leading to ads such as Macy’s, Dell, or Best Buy,” the report found. “Some of these ads could be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.”

Beware of Data-Stealing Browser Extensions

This is not the first time data-stealing extensions have been discovered on the Chrome browser. Last July, security researcher Sam Jadali and The Washington Post uncovered a massive data leak called DataSpii (pronounced data-spy) perpetrated by shady Chrome and Firefox extensions installed on as many as four million users’ browsers.

These add-ons collected browsing activity — including personally identifiable information — and shared it with an unnamed third-party data broker that passed it on to an analytics firm called Nacho Analytics (now shut down), which then sold the collected data to its subscription members in near real-time.

In response, Google began requiring extensions to only request access to the “least amount of data” starting October 15, 2019, banning any extensions that don’t have a privacy policy and gather data on users’ browsing habits.

For now, the same rule of caution applies: review your extension permissions, and consider uninstalling extensions you rarely use or switching to other software alternatives that don’t require invasive access to your browser activity.
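One way to carry out the permission review suggested above, flagging the combination the article describes (clipboard or cookie access together with access to every site), as an added example that is not part of the original article or of CRXcavator. The manifests are constructed and `audit_manifest` is a hypothetical helper; the permission names and manifest keys are Chrome's own.

```python
import json

# Chrome permission names for cookie and clipboard access, and host
# patterns that match every site.
SENSITIVE_APIS = {"cookies", "clipboardRead", "clipboardWrite"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest V2 lists hosts under "permissions"; V3 uses "host_permissions".
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

# Constructed manifests (not taken from any real extension).
MANIFESTS = [
    '{"name": "Promo Helper", "manifest_version": 2,'
    ' "permissions": ["cookies", "clipboardRead", "storage", "<all_urls>"]}',
    '{"name": "Deal Finder", "manifest_version": 3, "permissions": ["cookies"],'
    ' "host_permissions": ["*://*/*"]}',
    '{"name": "Unit Converter", "manifest_version": 3,'
    ' "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}',
]


def audit_manifest(manifest):
    """Return the sensitive APIs and all-site host patterns one manifest declares."""
    declared = set()
    for key in PERMISSION_KEYS:
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts run on matching pages even without a host permission.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    apis = sorted(declared & SENSITIVE_APIS)
    hosts = sorted(declared & BROAD_HOSTS)
    return {
        "name": manifest.get("name", "?"),
        "sensitive_apis": apis,
        "broad_hosts": hosts,
        # Sensitive API plus every site is the pairing worth a manual look.
        "review": bool(apis and hosts),
    }


def audit_all(raw_manifests):
    """Parse each manifest.json string and audit it."""
    return [audit_manifest(json.loads(raw)) for raw in raw_manifests]


if __name__ == "__main__":
    for result in audit_all(MANIFESTS):
        print(result)
```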

Trump Supporters Are George W Bush Supporters LARPing As Ron Paul Supporters

The Trump administration has released its official statement to Congress justifying its drone assassination of Iran’s top military official Qassem Soleimani last month. Surprising exactly zero people, the formal notification makes no mention whatsoever of any imminent threat posed by Soleimani, a direct contradiction of this administration’s previous claims defending the assassination.

“The Trump administration has been accused of lying after the publication of a new report that undermined its reasoning for assassinating Iranian General Qassem Soleimani last month,” reports Middle East Eye. “The chairman of the House Committee on Foreign Affairs said in a statement on Friday that President Donald Trump’s official notification to Congress defending the 3 January strike failed to specify an ‘imminent threat’ posed by Soleimani.”

“This official report directly contradicts the president’s false assertion that he attacked Iran to prevent an imminent attack against United States personnel and embassies,” Democratic Representative Eliot Engel of New York said.

“President Trump and top officials lied about the existence of an imminent threat to excuse his having engaged in an act of war without congressional approval,” tweeted independent Michigan Representative Justin Amash. “For Americans’ safety, the Constitution forbids unauthorized offensive actions regardless of the president’s justification.”

Justin Amash

Pres. Trump and top officials lied about the existence of an imminent threat to excuse his having engaged in an act of war without congressional approval. For Americans’ safety, the Constitution forbids unauthorized offensive actions regardless of the president’s justification. https://twitter.com/andrewdesiderio/status/1228342740397756417 

Andrew Desiderio

JUST IN: House Foreign Affairs Committee releases Trump admin’s legal and policy framework for the Soleimani strike.

The report does not mention an “imminent threat” against Americans, despite Trump and senior officials citing one after the strike. https://foreignaffairs.house.gov/_cache/files/4/3/4362ca46-3a7d-43e8-a3ec-be0245705722/6E1A0F30F9204E380A7AD0C84EC572EC.doc148.pdf

It has been obvious to many analysts for quite some time that the world was lied to about yet another act of war against yet another Middle Eastern nation by yet another US president; the Trump administration’s tacit admission just confirms it. Add this confirmation to the lies we were told about no US soldiers being injured by Iran’s missile retaliation against US military bases, as well as the revelation that the initial rocket strike which sparked the exchanges of violence in Iraq likely came from ISIS and not Iran-backed militias as claimed by the US.

What this means legally is that Soleimani’s assassination was a war crime. On a practical level, since the US is never prosecuted for war crimes it commits, what it means is that we now know we were lied to about an assassination which by Trump’s own admission brought us “closer than you thought” to a disastrous full-scale war.

What I personally find interesting about the destruction of the “imminent threat” narrative is that none of the many Trump supporters I spent time arguing with last month about Soleimani’s assassination ever attempted to claim that he posed an imminent threat to Americans. They’d argue that Soleimani was a bad man who deserved to die, they’d attempt to spin unfounded claims that he was directly behind the embassy attack or the aforementioned rocket strike, they’d accuse me of being a terrorist-supporting terrorist lover, but I never once encountered anyone who tried to argue that there was an imminent threat to American lives.

They made no attempt to make this argument because they knew it wasn’t a good one. They knew the Trump administration was making bogus claims that they couldn’t defend. They knew this. They just didn’t care.

Dan Maul@DanVMaul

This is very telling. I have read every single reply. Not one produced even the slightest shred of indication that he posed an imminent threat to the US.

Seriously, Stalin himself would’ve been proud of such a display of blind, unflinching acceptance of the deep state narrative. https://twitter.com/caitoz/status/1213591198465544193 

Caitlin Johnstone 

Show me your very best evidence that Soleimani posed an imminent threat to Americans and needed to be taken out immediately. Bonus points if you can explain how the evidence you provide rises to the level of proof required in a post-Iraq invasion world.

They didn’t care because they weren’t approaching the situation from any interest in truth or facts. Their sole interest was, and is always, in defending their president and promoting narratives which help ensure his re-election in November. It’s a game to them. A game of imagination which consists entirely of narratives that have little to no relationship with objective reality. They are LARPing.

Well, not all of them to be fair. There are two kinds of Trump supporters: there’s the straight-ticket Republicans who’d support an animatronic Chuck E Cheese robot as long as it had an (R) next to its name, and then there’s the so-called “populists” who say everything Trump does is secretly a brilliant strategic maneuver against the Deep State.

There’s some overlap between these two categories (neocon swamp monster Sean Hannity now posing as a swamp-fighting enemy of the Deep State is the most hilarious example), but there’s a distinction that’s worth noting. After the Soleimani assassination the straight-ticket Republicans were online acting like the Bush voters they are yelling “Yeeehaw, we kill whoever we want!”, whereas the “populists” were claiming that this was yet another strategic 4-D chess maneuver against the enemies of peace. I had one former reader sincerely attempt to argue with me that Soleimani was actually working for the Deep State, and had been protected by Obama and Hillary Clinton.

This latter category of Trump supporter is the type I generally encounter in doing what I do. Openly partisan Republicans who are honest about their partisanship tend to take little interest in writers like myself, whereas Trump supporters who see themselves as anti-establishment, anti-war and anti-propaganda often make their way into my orbit. These are also the type that my readers will generally run into for the same reason, so they’re the category of Trump supporter I’m writing about here.

When the news first broke of Soleimani’s assassination I wrote the following:

“A proportionate retaliatory strike would necessarily entail an attack on US military targets, or the military targets of US allies. If that happens, either the empire stands down or we’re looking at an all-out war of a size that is potentially almost limitless.”

And indeed that is exactly what happened. Iran did retaliate, against US military targets, injured more than 100 US soldiers, and then the US empire stood down. Trump’s reckless act of brinkmanship resulted in a dead Iranian general, a badly damaged airbase, scores of injured soldiers, a tail-between-the-legs retreat, and brought the US and Iran “closer than you thought” to war, for no real strategic benefit. Yet for days after the military exchange I was getting Trump supporters in my social media mentions telling me I’d been crazy and hysterical for warning of the risk of war.

These bizarre mental gymnastics are possible because these Trump supporters aren’t interfacing with reality in any way. They’re engaged in a weird Live Action Role-Playing (LARP) game where they pretend to be knowledgeable patriots cheering for a Ron Paul-like champion of peace and anti-authoritarianism, while in real life they’re acting exactly like garden variety Republicans cheering for a standard Republican president who’s been advancing longstanding agendas of neoconservatives and the CIA.

In real life Trump has imprisoned Julian Assange, has re-started the Cold War, has killed tens of thousands of Venezuelans with starvation sanctions, has vetoed attempts to save Yemen from US-backed genocide, is working to foment civil war in Iran using starvation sanctions and CIA ops with the stated goal of effecting regime change, has occupied Syrian oil fields with the goal of preventing Syria’s reconstruction, has greatly increased the number of troops in the Middle East and elsewhere, has greatly increased the number of bombs dropped per day from the previous administration, killing record numbers of civilians, and reduced military accountability for those airstrikes.

Every single one of these longstanding deep state agendas that Trump has advanced has been defended by Trump supporters in my social media mentions as brilliant strategic maneuvers against the deep state. Literally every single one of them, without a single, solitary exception. Every time Trump advances an evil establishment agenda and I speak out about it, I am guaranteed to receive comments explaining why the thing I’m speaking out against is actually an ingenious move by Trump against the establishment. Trump arresting Assange is actually Trump helping Assange. Trump helping the neocons is actually Trump hurting the neocons. Those sure are some elegant invisible clothes the emperor is wearing today.

Trump’s words say one thing, and his actions say something very different. He gives lip service to anti-interventionism and opposition to the swamp, and his supporters play along with the narratives he’s spoon feeding them. He’s another George W Bush, concealed by a thin overlay of narrative and imagination. But in the LARP he’s Ron Paul.

I started this job a few months before Trump took office, and ever since January 2017 I’ve been pointing out evil things this president has been doing and having Trump supporters tell me “Wait and see.”

“Calm down,” they tell me (they always want me to calm down). “Trump is doing something big here. You’ll see.”

They’ve been saying “you’ll see” for years now. Trump’s term is almost over. It’s time to admit you were wrong, guys.

You’ve been had. You were duped by narrative and empty words into supporting a garden variety Republican president who’s been advancing garden variety Republican agendas. Your anti-establishment sentiments were successfully corralled by propaganda into a standard GOP ideology with some populist-looking window dressing. You’ve been sitting very pretty lately while the Democrats make complete asses of themselves with ill-advised impeachment agendas and a scandalous primary race, but in reality you’re just as blinkered and duped as they are.

Believing that a US president is going to save you is just as dumb as believing the FBI and CIA are going to save you. Republicans have been doing the former while Democrats have been doing the latter. Both have been duped by custom-made establishment propaganda into cheering for different aspects of the establishment, and the only one who wins is that very same establishment.

Stop getting duped into believing in America’s two-handed sock puppet show. It’s always fake, and it always ends the same: all your money goes to the performers, and you get screwed. Start seeing through the illusion.

 


This is a mildly interesting selective narrative with a few facts. Partial narratives are efficient propaganda because they contain some truth but ignore all facts contradicting the selective narrative and always ignore the broader context in which the selective narrative is set.

Selective narrative propagandists like Caitlin also often resort to stereotype as a form of intellectual bullying. Weak, transparent narrative writers like Caitlin buttress weak narrative with stereotyping and stereotyping always appeals to small minds. Propagandists like Caitlin write to a target audience as do all propagandists.

I despised closeted homosexual and pedophile, according to Franklin victim Paul Bonacci, GHW Bush the moment I first set eyes upon him and I knew instinctively that Reagan, who was a great leader, had been forced to pick the sociopath Bush as his running mate. When John Hinckley, an MKUltra CIA asset whose family was very tight with pedo poppy Bush, tried to kill Reagan in a CIA coup similar to the coup the CIA pulled on JFK and on Nixon, my instincts were confirmed. I have always despised the fascist Bush Crime Family and abhor the Clinton and Sotero Crime Families too. I support Trump and his reelection landslide will be historic not only in magnitude of margin of victory but also for its record black vote for a Republican.

Doing what Trump is doing to defeat the deep state is nearly impossible and it got JFK, RFK, and MLK killed and Nixon, who had turned on the deep state, impeached. Trump breaks eggs to make an omelet and Soleimani was a bad egg who won’t be missed except by his family and his thug friends. Those who wear a military uniform risk death. If they don’t like it, don’t wear it. Nobody forces them to put on the uniform. The beauty of Trump’s deed is that it is hastening withdrawal of US forces from the Middle East.


    Amazing, you are exactly the kind of Trump supporter she is describing in the article. You prove her point. No matter what idiotic action Trump takes, he is some genius playing 4D chess. Everything Johnson described that Trump has done is a fact. Hundreds of thousands dead, millions of refugees, the Middle East near total destruction. But it’s all a big plan you say. He’s got the deep state on the ropes right? Even though everything they want done he is doing eh. You say that Soleimani deserves to die because he wears a uniform defending his own country? How about all the dead civilians? They die a thousand to every soldier’s death. They deserve to die too? In your mind I guess they do because they are just brown people. That is the core of the problem with the GREAT racist American taste for war. It’s brown people far away. Who cares. What might change all that is if war was brought to its shores. Close up and gory. We are not talking a few bodybags from Vietnam, but millions of dead. Europeans, Russians, Syrians know all about it, whole families wiped out. They fear war. You should read Smedley Butler’s book War is a Racket. Nothing has changed since then and if Americans don’t wise up soon they may get their comeuppance. Trump is a gangster. He may not be a Clinton or a Bush but a gangster nonetheless.


    Very well said. Could not agree more.
