Users’ browser were secretly redirected to ad pages by Chrome Extension
April 7, 2016
Shah Sheikh (1294 articles)

Users’ browser were secretly redirected to ad pages by Chrome Extension

Google has banned the Better History Chrome extension from the Chrome Web Store after users complained that it started taking over their browsing sessions and redirected them to pages showing ads.

Things started to go wrong when users were prompted to update from version 3.9.7 to 3.9.8. Later, the extension prompted for an extra permission to “Read and change all your data on the websites you visit.”

Before taking users to their desired destinations, the extension was redirecting users’ HTTP traffic through a proxy service, and showing them an extra page with ads in 50% of the hijacked sessions.

Not only did that reap advertising revenue for the extension’s owners but it also allowed them to spy and collect analytics on the user’s traffic habits that could later be sold to online advertisers.

Over the weekend, angry users brought the extension’s waywardness to the attention of its original author on GitHub over the weekend.

On confrontation, the extension’s original author disclosed that he sold Better History to an unnamed company two months ago, since version 3.9.5.

Better History, in its original version, was a Chrome extension that added extra filters to the user’s Chrome History section to make it easier to view and find pages accessed in the past.

It was later discovered that the extension’s new owners stopped adding changes to the extension’s GitHub repository to make it appear like the extension never changed. However, they secretly added malicious code ever since they bought the add-on.

Better History’s new owners introduced a script called “common.js” that installed a proxy extension on the user’s browser, used to redirect Chrome traffic.

According to Reddit user Scarazer, the same malicious code can be also found on a number of other Google Chrome extensions, including Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker.

After the extension was reported as malware to Google, currently only Better History and User-Agent Switcher have been removed from the Web Store.

Source | TechWorm