'Webpage Screenshot' Chrome Extension Secretly Collected 1.2 Million User Data

'Webpage Screenshot' Chrome Extension Secretly Collected 1.2 Million User Data

Webpage Screenshot, a third party chrome extension was secretly collecting the user data by fooling Google's security controls, according to a report from the security firm Heimdal Security. The researchers revealed that the webpage screenshot extension download as a good program, next week, the program initiates a download of an additional code from the web, which allowed the extension to collect user data including user's IP addresses, URLs visited, files and data loaded from URLs, search queries entered and personal contact information.

Peter Kruse, founder of CSIS Security Group, said, "To avoid any security check or detection mechanism from Google, Webpage Screenshot includes a sleep function, so that the spyware-like behaviour will not be activated right away, but a week later."


Webpage Screenshot Extension - Behaviour Flow


1) The user installs the extension from Google Chrome Web Store.

2) A week later the spyware capabilities are activated, by downloading additional code from the web . This smart behaviour allows the extension to evade any security check from Google, which cannot analyze the entire code and detect its spyware features.

3) Once the extension has activated its private data collecting ability, It transmits the user data to a server located in the United States.
Google removed the extension from chrome store.
If you have already installed the webpage screenshot extension, remove it as soon as possible.

No comments

Powered by Blogger.