Nearly 200 extensions for Chrome and Firefox vulnerable to data theft
The extensions open internal programming interfaces for web applications. This allows a malicious Web site to access the data available to the extension. While Firefox and Opera delete the add-ons, Google checks whether the errors can be corrected.
👉 Empowering Web Applications with Browser Extensions
Université Côte d’Azur / Inria, France
doliere.some@inria.fr
http://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf
#browser #extensions #chrome #firefox #datatheft
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Forwarded from BlackBox (Security) Archiv
DataSpii: The catastrophic data leak via browser extensions
We present DataSpii (pronounced data-spy), the catastrophic data leak that occurs when any one of eight browser extensions collects browsing activity data — including personally identifiable information (PII) and corporate information (CI) — from unwitting Chrome and Firefox users.
Our investigation uncovered an online service selling the collected browsing activity data to its subscription members in near real-time. In this report, we delineate the sensitive data source types relevant to the security of individuals and businesses across the globe.
We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data. We identified the collection of sensitive data from the internal network environments of Fortune 500 companies.
Several Fortune 500 companies provided an additional measure of confirmation through a process of responsible disclosure. By deploying a honeypot to monitor web traffic, we discovered near-immediate visits to URLs collected by the extensions. To address the evolving threat to data security, we propose preemptive measures such as limiting access to shareable links, and removing PII and CI from metadata.
👉🏼 https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/
I found your data. It’s for sale.
As many as 4 million people have Web browser extensions that sell their every click. And that’s just the tip of the iceberg.
I’ve watched you check in for a flight and seen your doctor refilling a prescription.
I’ve peeked inside corporate networks at reports on faulty rockets. If I wanted, I could’ve even opened a tax return you only shared with your accountant.
I found your data because it’s for sale online. Even more terrifying: It’s happening because of software you probably installed yourself.
My latest investigation into the secret life of our data is not a fire drill. Working with an independent security researcher, I found as many as 4 million people have been leaking personal and corporate secrets through Chrome and Firefox. Even a colleague in The Washington Post’s newsroom got caught up. When we told browser makers Google and Mozilla, they shut these leaks immediately — but we probably identified only a fraction of the problem.
👉🏼 https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/
#DataSpii #DataSpy #browser #extensions #data #leak #security #investigation #chrome #firefox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Forwarded from BlackBox (Security) Archiv
49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
Using a familiar phishing method to target new brands.
The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort.
"Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto. "Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts."
Motivation and Purpose
We keep an eye on the type of attacks that come to cryptocurrency users on a daily basis and often write about our findings to help educate the community. We’ve seen various types of attacks on users, ranging from simple trust-trading scams to SIM hijacking to compromising and stealing funds from exchange accounts.
Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.
👉🏼 Read more:
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
https://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html
#hijacking #cryptocurrency #wallets #google #chrome #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Kiwi browser
Kiwi browser (phone chromium with extensions support) just got open sourced
https://forum.xda-developers.com/showpost.php?p=82317933
https://github.com/kiwibrowser/src
Do tell us if it compiles. Also you might want to ask the dev to submit it to FDroid
@nogoolag @libreware
#kiwi #browser #chromium #extensions
Cluster of 295 Chrome extensions caught hijacking Google and Bing search results
The malicious Chrome extensions have been installed by more than 80 million users.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results
#google #chrome #bing #extensions #hijack
Forwarded from BlackBox (Security) Archiv
List of compromised websites and scope of damage, by Nano Adblocker and Defender
So far from vungsung's comment, we learned that some session cookies of Nano Adblocker and Defender are stolen
Users need to log out of ALL sessions of a website and log in again to refresh session cookies
Changing passwords can force refresh session cookies
For further investigation by tweedge of this incident, go to #5 (comment)
Please go to #4 for rant and #3 or #2 for other issues
You may have one or more or none accounts affected depending on your luck
‼️ Websites already confirmed to be compromised ‼️
👀 Instagram
‼️ Websites that may be compromised, needs confirmation ‼️
👀 Github
👀 Microsoft account
👀 Twitch
👀 👉🏼 https://github.com/jspenguin2017/Snippets/issues/5
💡 Read as well: Nano Adblocker & Nano Defender was sold and should now be considered malware.
https://t.me/BlackBox_Archiv/1440
#adblocker #extensions #addons #malware #compromised
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
How anti-fingerprinting extensions tend to make fingerprinting easier
Do you have a privacy protection extension installed in your browser? There are so many around, and every security vendor is promoting their own. Typically, these will provide a feature called “anti-fingerprinting” or “fingerprint protection” which is supposed to make you less identifiable on the web. What you won’t notice: this feature is almost universally flawed, potentially allowing even better fingerprinting.
I’ve seen a number of extensions misimplement this functionality, yet I rarely bother to write a report. The effort to fully explain the problem is considerable. On the other hand, it is obvious that for most vendors privacy protection is merely a check that they can put on their feature list. Quality does not matter because no user will be able to tell whether their solution actually worked. With minimal resources available, my issue report is unlikely to cause a meaningful action.
That’s why I decided to explain the issues in a blog post, a typical extension will have at least three out of four. Next time I run across a browser extension suffering from all the same flaws I can send them a link to this post. And maybe some vendors will resolve the issues then. Or, even better, not even make these mistakes in the first place.
👉🏼 Contents 👈🏼
— How fingerprinting works
— How anti-fingerprinting is supposed to work
— Barking the wrong tree
— Catching all those pesky frames
— Timing woes
— The art of faking
https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/
#fingerprinting #extensions #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Forwarded from BlackBox (Security) Archiv
Firefox for Android makes it even easier to add new browser extensions
Although Chrome dominates the mobile browser space on Android, Mozilla’s Firefox is a decent alternative with added — but limited — support for third-party extensions that make it a potential candidate for your browsing needs.
Adding new extensions has been a bit of a pain though for a while, so Mozilla has now decided to streamline the process and make it even easier to add or find browser extensions to the Android build of Firefox. Firefox 85 is set to begin rolling out from January 25, 2021, and will include the ability for Android owners to add or install extensions to their mobile browser directly from addons.mozilla.org.
While this is great news, you will still be limited to adding “official” extensions to the Android version of Firefox. The old method of adding extensions using the Add-ons Manager is likely to be removed, as Mozilla confirmed that user confusion meant this new method is being implemented.
"Previously, extensions for mobile devices could only be installed from the Add-ons Manager, which caused some confusion for people accustomed to the desktop installation flow. We hope this update provides a smoother installation experience for mobile users."
https://9to5google.com/2021/01/21/firefox-for-android-makes-it-even-easier-to-add-new-browser-extensions/
#firefox #ff #android #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag