It seems that efforts being made by Google and Mozilla to safeguard their Chrome and Firefox extension store aren’t turning out to be much effective. Just a few months ago, we witnessed a frenzy of extensions being caught mining cryptocurrency using your CPUs’ power without consent.
A recent report by AdGuard Research has uncovered a massive spyware campaign that collects your browsing history. As per the estimates, about 11,000,000 users who use the malicious Chrome and Firefox extensions on Android and iOS are affected. The spyware primarily collects your entire browsing history.
The campaign in question extends to many Android apps as well, which belong to a Delaware company called “Big Star Labs.” Here’s a list of such snoopware apps and extensions:
- Block Site (app and extensions)
- Android utilities like Speed BOOSTER, Battery Saver, AppLock, Clean Droid
- Poper Blocker
While these tools claim to collect anonymized and non-personal data of the users, there are numerous ways to discover your real identity by observing your browsing history. With the increased usage of social media platforms, this process of connecting the dots has become much easier.
What makes the issue graver is that you can’t track with whom the company shares your data. These apps send the exact address of every page your open to a remote server–this kind of data collection is strictly against Google’s policies. What’s more shocking is that the privacy policies of these apps are trying to justify this collection of data.
You can read the detailed analysis of the Big Star Labs spyware campaign here.