Nasty Spyware Infects 11 Million Users: What to Do Now

Researchers have discovered a new hiding place for spyware: Chrome extensions
Credit: ShutterstockCredit: ShutterstockResearchers from ad-blocking software company AdGuard have uncovered a number "browser extensions and mobile apps" that are invisibly collecting the browsing history of over 11 million users.

Among these are productivity manager Block Site for Android, iOS and Firefox; iOS ad-blocker Adblock Prime; Chrome and Firefox extension Popper Blocker; and mouse-gesture customizer CrxMouse. (It's worth noting that the research comes from AdGuard, a competitor.)

What to Do Now

If you have any of these apps and are concerned for the security of your browsing history, we recommend disabling them immediately. This should serve as a reminder to all users going forward: Don't download apps from developers you don't know.

As a failsafe, Android users can go into Settings, look for Security and make sure Unknown Sources is toggled off.

MORE: Best Antivirus Protection for PC, Mac and Android

Insidious Extensions and Apps

The researchers found that the Chrome and Firefox extensions were sending an exact address of every page a user visited to a remote server. On iOS, the apps offered to install a Mobile Device Management profile from Safari directly to users' phones. This gave Big Star Labs access to the list of apps present on the device and user browsing history, and could also allow it to remotely install third-party apps.

The Android apps requested access to the "Accessibility Services" section of a user's settings, the section that allows users with disabilities to optimize their interactions. Once granted that access, Big Star Labs can remotely tap and swipe on a user's device, and extract page URLs from the browser's address bar.

A number of apps were doing this in direct violation of their privacy policies, many of which claimed that they anonymized ISPs associated with users, or that they didn't share browsing data with third parties.

MORE: Here's the One Gmail Setting You Should Activate Now

Who Is Behind This?

The researchers say the apps and extensions belong to a Delaware company called "Big Star Labs." This company doesn't seem to have much in the way of an internet presence, and the researchers only discovered it by perusing privacy policies.

Why is this a problem? Because of the ambiguity of the source of this tracking collection, it's unclear who exactly has your browsing data from these apps. It's also unclear who they'll be selling it to. As we learned from last year's Equifax breach, your data may be at risk even in the hands of reputable actors. 

Create a new thread in the Antivirus / Security / Privacy forum about this subject
2 comments
Comment from the forums
    Your comment
  • darkomaledictus
    Time for the Safe network to replace the internet! Go decentralization!
  • webgtlnbrgrs
    Someone once said the Government wouldn't be happy until a chip was implanted into every person. Wellllllll they don't have to, Cell phones have done it for them. They can access any and every thing about you through your Phone.... ENJOY the joke is on us ...