Your browser extensions may be secretly hiding a botnet

Services approach developers with an offer that pays a lot more than simple adverts

One of the world’s leading cybersecurity experts has revealed how a company that was paying to include its code in browser extensions was actually doing so in order to mask the real IP address of its own customers, who might be using the service for nefarious purposes.

Brian Krebs, together with Hao Nguyen, the developer of the ModHeader browser extension, has shared details about Infatica’s program, which is just one of several that pay developers to include their code within browser extensions.

“For its part, Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users,” shares Krebs.

Too good to refuse

Infatica is a proxy service provider that retails rotating backconnect residential proxies. It was one of the several companies that approached Nguyen to include its code in his extension.

After failing to monetize his extension for several years, Nguyen finally relented as the Infatica offer would have made him at least $1500 a month. Plus, Infatica’s code was fairly straightforward and limited itself to just routing web requests through the browsers of Nguyen’s users.

“The end result is when Infatica customers browse to a web site, that site thinks the traffic is coming from the Internet address tied to the extension user, not the customer’s,” explains Krebs.

While Nguyen was quick to sign out of the program after his users complained, Krebs’ research revealed that at least three dozen extensions are using Infatica’s code. Many of these have over 100,000 users, reveals Krebs, including Video Downloader Plus, which is one of the most popular Chrome extensions for downloading media from several websites.

Krebs’ research once again highlights the unscrupulous use of extensions by shady services that prey on the economic vulnerabilities of extension developers. He echoes our suggestion to users to only use the bare essential third-party extensions, and be wary of any that suddenly ask for more permissions than previous versions.
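One way to act on that last piece of advice is to compare the permissions requested by two versions of an extension's `manifest.json`. The script below is an added example, not code from the article or from Krebs' research; both manifests are constructed samples, and it makes no claim about which permissions Infatica's code actually requests.

```python
import json

# Broad host patterns that let an extension touch traffic for every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest keys that carry permission strings (Manifest V2 and V3).
PERMISSION_KEYS = ("permissions", "optional_permissions", "host_permissions")


def requested(manifest):
    """Collect every permission string a manifest asks for."""
    found = set()
    for key in PERMISSION_KEYS:
        for item in manifest.get(key, []):
            if isinstance(item, str):  # skip non-string entries
                found.add(item)
    return found


def permission_diff(old_manifest, new_manifest):
    """Return what an update added, and which additions are broad host access."""
    added = requested(new_manifest) - requested(old_manifest)
    return {
        "from": old_manifest.get("version"),
        "to": new_manifest.get("version"),
        "added": sorted(added),
        "broad_host_access": sorted(added & BROAD_HOSTS),
    }


# Constructed sample manifests (not taken from any real extension).
OLD = json.loads("""{
  "manifest_version": 2, "name": "Example Header Tool", "version": "1.4.0",
  "permissions": ["storage", "https://example.com/*"]
}""")
NEW = json.loads("""{
  "manifest_version": 2, "name": "Example Header Tool", "version": "1.5.0",
  "permissions": ["storage", "https://example.com/*", "webRequest", "<all_urls>"]
}""")

if __name__ == "__main__":
    report = permission_diff(OLD, NEW)
    print(f"{report['from']} -> {report['to']}")
    for perm in report["added"]:
        flag = "  [broad host access]" if perm in report["broad_host_access"] else ""
        print(f"  + {perm}{flag}")
```

A newly added broad host pattern is the change most worth a second look, because it extends the extension's reach from a few named sites to every page the user visits.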

Via: KrebsOnSecurity

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
