Adblockers installed 300,000 times are malicious and should be removed now:
Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users' social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on GitHub.
Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google's Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total.
Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code.
[...] The incident is the latest example of someone acquiring an established browser extension or Android app and using it to infect the large user base that already has it installed. It's hard to provide actionable advice for preventing this kind of abuse. The Nano extensions weren't some fly-by-night operation. Users had every reason to believe they were safe until, of course, that was no longer the case. The best advice is to routinely review the extensions that are installed. Any that are no longer of use should be removed.
(Score: 5, Insightful) by zocalo on Friday October 23 2020, @11:12AM
Realistically, it's too much to expect end users to be able to keep on top of this, especially when you've got browser vendors that insist on resetting user preferences NOT to auto-update the browser and/or extensions, so if you're going to try and stop this kind of attack vector then it really has to fall to those operating the extension "stores". Not sure you could achieve that though; a policy update requiring project control ownership transfers be notified to the store might help, but that's probably going to need to be supplemented by things like monitoring of accounts/IP ranges used to upload updates to the store - any such red flags could then trigger a period of increased scrutiny of the code before it is made available for users to download. Not a perfect solution, but it would at least raise the bar enough to deter a bunch of the also-rans and script kiddies, which is still better than nothing.
UNIX? They're not even circumcised! Savages!
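The store-side red-flag check proposed in the comment above, sketched as an added example that is not part of the original post or any store's actual process. The `Upload` record, flag names, /24 and /48 bucketing and all sample data are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Upload:                        # hypothetical store-side upload record
    ext_id: str
    version: str
    account: str
    src_ip: str
    transfer_notified: bool = False  # owner told the store about a sale

def ip_range(ip):
    """Bucket an address into a /24 (IPv4) or /48 (IPv6); prefixes are assumptions."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def review_uploads(uploads):
    """Return (ext_id, version, flags) per upload; any flag means extra scrutiny."""
    baseline = {}                    # ext_id -> (known accounts, known IP ranges)
    results = []
    for up in uploads:
        net = ip_range(up.src_ip)
        flags = []
        if up.ext_id in baseline:
            accounts, ranges = baseline[up.ext_id]
            if up.account not in accounts:
                flags.append("new-account")
            if net not in ranges:
                flags.append("new-ip-range")
        if up.transfer_notified:
            flags.append("ownership-transfer")
        # Only clean uploads extend the baseline; a flagged upload must not
        # whitelist itself. Reviewer sign-off is not modelled here.
        if not flags:
            accounts, ranges = baseline.setdefault(up.ext_id, (set(), set()))
            accounts.add(up.account)
            ranges.add(net)
        results.append((up.ext_id, up.version, flags))
    return results

# Constructed sample data (documentation IP ranges, made-up names).
SAMPLE = [
    Upload("demo-adblock", "1.0", "dev-a", "192.0.2.10"),
    Upload("demo-adblock", "1.1", "dev-a", "192.0.2.77"),
    Upload("demo-adblock", "1.2", "dev-b", "203.0.113.5", transfer_notified=True),
    Upload("demo-adblock", "1.3", "dev-b", "203.0.113.9"),
]

if __name__ == "__main__":
    for ext_id, version, flags in review_uploads(SAMPLE):
        print(ext_id, version, "HOLD " + ",".join(flags) if flags else "publish")
```

Version 1.3 is still held even though it matches 1.2, because the flagged 1.2 upload never joined the baseline.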