
Your browser extensions may be secretly hiding a botnet


One of the world's leading cybersecurity experts has revealed how a company that was paying to include its code in browser extensions was actually doing so in order to mask the real IP address of its own customers, who might be using the service for nefarious purposes.

Brian Krebs, together with Hao Nguyen, developer of the ModHeader browser extension, has shared details about Infatica’s program, which is just one of several that pay developers to include their code within their browser extensions.

“For its part, Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users,” shares Krebs.

Too good to refuse

Infatica is a proxy service provider that retails rotating backconnect residential proxies. It was one of the several companies that approached Nguyen to include its code in his extension.

After failing to monetize his extension for several years, Nguyen finally relented as the Infatica offer would have made him at least $1500 a month. Plus, Infatica’s code was fairly straightforward and limited itself to just routing web requests through the browsers of Nguyen’s users.

“The end result is when Infatica customers browse to a web site, that site thinks the traffic is coming from the Internet address tied to the extension user, not the customer’s,” explains Krebs.

While Nguyen was quick to sign out of the program after his users complained, Krebs’ research revealed that at least three dozen extensions are using Infatica’s code. Many of these have over 100,000 users, reveals Krebs, including Video Downloader Plus, which is one of the most popular Chrome extensions for downloading media from several websites.

Krebs’ research once again highlights the unscrupulous use of extensions by shady services that prey on the economic vulnerabilities of extension developers. He echoes our suggestion to users to only use the bare essential third-party extensions, and to be wary of any that suddenly ask for more permissions than previous versions.
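The advice to watch for extensions that suddenly ask for more permissions than previous versions can be checked mechanically. The following is an added example, not code from the article, from Krebs or from any extension named here: it compares the permission fields of two versions of a Chrome extension's manifest.json and reports what the newer version adds. The two sample manifests and the watch list of broad host patterns are constructed assumptions.

```javascript
// Standard Chrome manifest fields that declare permissions or host access.
const PERMISSION_KEYS = [
  "permissions",
  "optional_permissions",
  "host_permissions",          // Manifest V3
  "optional_host_permissions", // Manifest V3
];

// Host patterns that grant access to every site (assumed watch list).
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect every declared permission and host pattern into one set.
function collectPermissions(manifest) {
  const found = new Set();
  for (const key of PERMISSION_KEYS) {
    const value = manifest[key];
    if (!Array.isArray(value)) continue; // key absent or malformed
    for (const entry of value) {
      if (typeof entry === "string") found.add(entry);
    }
  }
  return found;
}

// Report what the new version requests that the old one did not.
function diffPermissions(oldManifest, newManifest) {
  const before = collectPermissions(oldManifest);
  const after = collectPermissions(newManifest);
  const added = [...after].filter((p) => !before.has(p)).sort();
  const removed = [...before].filter((p) => !after.has(p)).sort();
  const broadHostsAdded = added.filter((p) => BROAD_HOSTS.has(p));
  return { added, removed, broadHostsAdded };
}

// Constructed sample manifests for two releases of a hypothetical extension.
const oldVersion = {
  manifest_version: 2, version: "1.0.0",
  permissions: ["storage", "activeTab"],
};
const newVersion = {
  manifest_version: 2, version: "1.1.0",
  permissions: ["storage", "activeTab", "webRequest", "<all_urls>"],
};

console.log(JSON.stringify(diffPermissions(oldVersion, newVersion), null, 2));
```

A non-empty `broadHostsAdded` list means the update gained access to traffic on every site, which is the kind of change worth reviewing before accepting the new version.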

Via: KrebsOnSecurity

Mayank Sharma
