Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Many Chrome browser extensions do sneaky things

Jeremy Kirk | Aug. 20, 2014
An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.

In another example, some extensions changed or added parameters within a URL in order to accomplish affiliate fraud.

Companies such as Amazon will pay a small fee to webmasters, known as affiliates, when someone clicks a link on their website that leads to a sale. That is tracked by adding an affiliate code inside a URL.

Some extensions will swap out the legitimate affiliate code for their own, effectively gaining fraudulent credit for the sale. Since Google saw the study, it has moved to crack down on affiliate fraud in its policy governing extensions, Grier said.

They also found examples of extensions swapping out advertisements on a website for their own in order to get the fees. Sometimes extensions swapped out banner ads, injected ads into ad-free sites such as Wikipedia or overlaid ads on top of website content.

The study was also co-authored by Neha Chachra, Christopher Kruegel, Giovanni Vigna and Vern Paxson.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.