A cybersecurity researcher, Sam Jadali issued a “spy DataSpii data Report”, which revealed eight browser extension that can steal sensitive data on Chrome and Firefox.
It is reported that these extensions can access the user’s GPS location, credit card information, online shopping history, and even the LAN structure of the enterprise user, API key, private source code and other trade secrets, etc., estimated to involve more than 4 million browser users.
There are 7 extensions for Chrome or other Chromium- based browsers, including Hover Zoom, SpeakIt! SuperZoom, FairShare Unlock, PanelMeasurement, Branded Surveys and Panel Community Surveys. There are also 3 extensions that support Firefox, SaveFrom .net Helper, SuperZoom and FairShare Unlock.
Among them, SpeakIt! is installed by more than 1.4 million users. FairShare Unlock has more than 1 million users, and Hover Zoom and PanelMeasurement have 800,000 and 500,000 users respectively.
These extensions are not only installed on personal devices, but also on enterprise employee’s devices. They can collect a large amount of important corporate information, including employee work, partial web content, API keys, private source code, Private LAN architecture, firewall login passwords, and business content. For example, Hover Zoom can collect hyperlinks and web resources on LAN sites.
Jadali pointed out that many well-known companies have been affected, involving Apple, Facebook, Microsoft, Amazon, and even security vendors such as Symantec, Trend Micro, FireEye and Palo Alto Networks.
It’s important to note that DataSpii is an organized behavior, and a company, sometimes called Company X, is responsible for collecting data using various extensions and then selling that information to paid or trial members. Jadali said that Company X’s website claimed to collect and sell data with the consent of the user, but Jadali asked the victim and learned that they were not notified or requested permission.
Google and Mozilla have closed these extensions remotely after receiving Jadali’s analysis report. However, Jadali believes that functional closure does not affect their continued collection of user data, and users who install these extensions are advised to delete them as soon as possible.
Published by Emerson L. Sullivan & last updated on July 22, 2019 2:12 am