Nearly a million browsers affected by more malicious browser extensions - here's what we know


  • Researchers find 245 extensions installed on nearly a million devices
  • The extensions could turn devices into web scraping bots for a commercial service
  • Researchers warned about major security implications

A new investigation has revealed that 245 browser extensions, installed on almost a million devices, have been leading a double life: besides the operations they were designed for, they were also silently disabling key security protections in the browsers to enable paid web scraping operations.

This is according to security researcher John Tuckner from Security Annex, who found that the extensions do different things, from managing bookmarks to boosting speaker volume. All of them embed a JavaScript library called MellowTel-js, which connects to an external AWS server and collects data about the user’s location, bandwidth, and browser status.

The library also injects hidden iframes into the web pages users are visiting, and then loads other websites, chosen by MellowTel’s infrastructure, inside them. Furthermore, it strips web security headers, bypasses bot detection, and ultimately shares bandwidth for profit.
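A static check a defender could run over an unpacked extension to spot the header stripping described above, as an added example that is not code from the article, Security Annex or MellowTel. It assumes the stripping is expressed through Chrome's `declarativeNetRequest` API; the header list, the function name `auditExtension` and the sample manifest and rules are constructed for illustration.

```javascript
// Response headers whose removal weakens framing and content protections.
// Assumed list for this example; the article does not name the headers.
const SECURITY_HEADERS = new Set([
  "content-security-policy",
  "content-security-policy-report-only",
  "x-frame-options",
  "cross-origin-opener-policy",
  "cross-origin-embedder-policy",
  "cross-origin-resource-policy",
]);
const HEADER_PERMS = ["declarativeNetRequest", "declarativeNetRequestWithHostAccess"];
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

// manifest: parsed manifest.json; rules: parsed static rule files (array of rule objects).
function auditExtension(manifest, rules = []) {
  const findings = [];
  const perms = manifest.permissions || [];
  const hosts = [...(manifest.host_permissions || []), ...perms];
  const canRewrite = perms.some((p) => HEADER_PERMS.includes(p));
  const broad = hosts.some((h) => BROAD_HOSTS.includes(h));
  if (canRewrite && broad) {
    // Rules registered at runtime never appear in the package, so flag the capability.
    findings.push("can modify headers on every site (dynamic rules are not visible statically)");
  }
  for (const rule of rules) {
    const action = rule.action || {};
    if (action.type !== "modifyHeaders") continue;
    for (const h of action.responseHeaders || []) {
      const name = String(h.header || "").toLowerCase();
      if (h.operation === "remove" && SECURITY_HEADERS.has(name)) {
        findings.push(`rule ${rule.id} removes ${name}`);
      }
    }
  }
  return findings;
}

// Constructed sample input, not taken from any real extension.
const sampleManifest = {
  manifest_version: 3,
  name: "Volume Booster (constructed)",
  permissions: ["storage", "declarativeNetRequest"],
  host_permissions: ["<all_urls>"],
};
const sampleRules = [
  { id: 1, priority: 1, condition: { resourceTypes: ["sub_frame"] },
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "X-Frame-Options", operation: "remove" },
      { header: "Content-Security-Policy", operation: "remove" } ] } },
  { id: 2, priority: 1, condition: { urlFilter: "ads" }, action: { type: "block" } },
];
console.log(auditExtension(sampleManifest, sampleRules));
```

A clean result from the static rule files is not proof of absence, which is why the permission-plus-broad-host combination is reported on its own.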

Leveraging unused bandwidth

The JavaScript is tied to a company named Olostep, which promotes itself as a high-performance web scraping API that bypasses bot detection and can send out up to 100,000 parallel requests.

When paying clients submit a target website, Olostep uses the devices running affected extensions to scrape the site, effectively turning the browsers into distributed scraping bots without the end users’ knowledge or consent.

According to Ars Technica, MellowTel’s founder said the library was designed to share user bandwidth without stuffing affiliate links, unrelated ads, or collecting personal data.

“The primary reason why companies are paying for the traffic is to access publicly available data from websites in a reliable and cost-effective way,” he was cited as saying, adding that extension developers receive 55% of the revenue, while the rest went to MellowTel.


Despite claims of a privacy-friendly way to monetize unused bandwidth, critics argue it exposes users to serious privacy and security risks, especially in enterprise environments. In its writeup, CyberInsider says the scale and architecture of the system make it “ripe for abuse” by threat actors.

“The use of real browser sessions, potentially behind corporate VPNs or inside private networks, introduces profound risks. These include the potential for unauthorized internal resource access, impersonation of legitimate traffic, and degradation of browser security due to the removal of enforced headers.”

Some extensions have been removed or deactivated after being flagged for malware, while others cleaned up the controversial code in recent updates. Many remain active, and users are advised to review the full list of extensions found here.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
