
posted by Fnord666 on Wednesday March 04 2020, @01:09AM
from the good-advice dept.

The Case for Limiting Your Browser Extensions:

The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page.

The extension in question was Page Ruler, a Chrome addition with some 400,000 downloads. Page Ruler lets users measure the inch/pixel width of images and other objects on a Web page. But the extension was sold by the original developer a few years back, and for some reason it's still available from the Google Chrome store despite multiple recent reports from people blaming it for spreading malicious code.

How did a browser extension lead to a malicious link being added to the health insurance company Web site? This compromised extension tries to determine if the person using it is typing content into specific Web forms, such as a blog post editing system like WordPress or Joomla.

In that case, the extension silently adds a request for a JavaScript link to the end of whatever the user types and saves on the page. When that altered HTML content is saved and published to the Web, the hidden JavaScript code causes a visitor's browser to display ads under certain conditions.
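The mechanism described above (a remote script reference appended to content the editor saves) is exactly the kind of thing a post-save check on the CMS side can catch. The following is an added illustration, not code from the KrebsOnSecurity story or from any CMS: it parses the saved HTML, collects every `<script src=...>`, and flags any that loads from a host outside an explicit allowlist. The hostnames, the allowlist and the sample post are constructed placeholders.

```python
"""Flag externally sourced <script> tags in saved CMS content.

Added example (not from the original story): a post-save check that reports
any <script src=...> whose host is not on an explicit allowlist. All host
names and the sample post below are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example-insurer.test", "cdn.example-insurer.test"}


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value.strip())


def script_host(src):
    """Return the host a script src loads from, or None for same-origin paths.

    Protocol-relative URLs (//host/path) are normalised first, since injected
    tags often use them to work on both http and https pages. Non-http(s)
    schemes (data:, javascript:) are reported by scheme name so they are
    never silently treated as same-origin.
    """
    if src.startswith("//"):
        src = "https:" + src
    parsed = urlparse(src)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        return parsed.hostname.lower()
    if parsed.scheme == "":
        return None  # relative path on the site's own origin
    return parsed.scheme.lower()


def find_unexpected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return src values of <script> tags that load from outside allowed_hosts.

    Same-origin (relative) scripts are never reported; everything else must
    match the allowlist exactly, so a newly appended remote loader shows up.
    """
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for src in collector.sources:
        host = script_host(src)
        if host is None:
            continue
        if host not in allowed_hosts:
            flagged.append(src)
    return flagged


# Constructed sample: an editor's post with a remote loader appended at the end.
SAMPLE_POST = (
    "<p>Open enrollment starts November 1.</p>\n"
    '<script src="/wp-includes/js/embed.min.js"></script>\n'
    '<script src="https://cdn.example-insurer.test/forms.js"></script>\n'
    '<script type="text/javascript" src="//ads.example-injector.invalid/loader.js"></script>'
)

if __name__ == "__main__":
    for src in find_unexpected_scripts(SAMPLE_POST):
        print("unexpected external script:", src)
```

Run it as a hook on the content your editors save (or as a periodic scan over the published pages) and route any hit to a human before publication; a Content-Security-Policy `script-src` allowlist on the served pages gives the same protection on the visitor's side.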

[...] Contacted by KrebsOnSecurity, Page Ruler's original developer Peter Newnham confirmed he sold his extension to MonetizUs in 2017.

"They didn't say what they were going to do with it but I assumed they were going to try to monetize it somehow, probably with the scripts their website mentions," Newnham said.

"I could have probably made a lot more running ad code myself but I didn't want the hassle of managing all of that and Google seemed to be making noises at the time about cracking down on that kind of behaviour so the one off payment suited me fine," Newnham said. "Especially as I hadn't updated the extension for about 3 years and work and family life meant I was unlikely to do anything with it in the future as well."

Monetizus did not respond to requests for comment.


  • (Score: 3, Interesting) by JoeMerchant (3937) on Wednesday March 04 2020, @03:06AM (#966312)

    It doesn't matter if it's click-to-run from inside the browser, or an extension, or an "applet," or whatever the hell - any form of easy-install software that has rights will abuse those rights, often surreptitiously.

    People are willing targets, it's why the Apple store is a walled garden, and even they don't put in enough effort to keep all the bad stuff out.

    This is where open source absolutely kicks ass on closed. The number of times that "sudo apt-get install" has burned me? Well, two or three cases of dependency hell over the years - pretty minor considering how fast and loose I play it, but the number of times that was due to malicious intent on the part of the software authors, or the software authors were attempting to surreptitiously profit from me? Zero. We'll give Qt and their license sales hit squad a pass here - they're just misguided.
