SoylentNews is people

posted by Fnord666 on Friday October 23 2020, @10:24AM
from the uninstall-this-malware-immediately dept.

Adblockers installed 300,000 times are malicious and should be removed now:

Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users' social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on GitHub.

Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google's Chrome Web Store. Xu told me that Nano Adblocker and Nano Defender, which often are installed together, have about 300,000 installations total.

Four days ago, Raymond Hill, maker of the uBlock Origin extension upon which Nano Adblocker is based, revealed that the new developers had rolled out updates that added malicious code.

[...] The incident is the latest example of someone acquiring an established browser extension or Android app and using it to infect the large user base that already has it installed. It's hard to provide actionable advice for preventing this kind of abuse. The Nano extensions weren't some fly-by-night operation. Users had every reason to believe they were safe until, of course, that was no longer the case. The best advice is to routinely review the extensions that are installed. Any that are no longer of use should be removed.


  • (Score: 0) by Anonymous Coward on Friday October 23 2020, @10:29PM (#1068082)

    users being unable

    You're wrong, users are able to disable Firefox plugin auto-update. I have disabled auto-update of plugins for this reason, and though I've only twice actually reviewed code beyond changelogs, I appreciate being able to.

    Your beef is maybe with users who aren't savvy enough to?

  • (Score: 0) by Anonymous Coward on Saturday October 24 2020, @05:23AM (#1068164)

    For the present. The fact that this is enabled by default should be a warning sign given Mozilla's past pattern of first enabling something by default + offering a way to opt out and then removing said opt out because "only a statistically insignificant amount of users was making use of that option, and it's oh so expensive to maintain --- our devs just can't stomach maintaining that one line boilerplate check --- we better just axe it in the next build (which, unless users go to considerable lengths on Windows, is a forced update) kthxbye."

    It's basic human decency to never apply changes behind the user's back and always prompt before applying them even if it is an automated process --- unless the user explicitly opted into an alternate, silent, approach (id est, the setting should be off by default, same with updates to the browser itself --- where this freedom was mostly curtailed already).