Apps
Delete these two Google Chrome ad blockers – they’re riddled with malicious code
Remove the Chromium versions of Nano Adblocker or Nano Defender now. Seriously.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Two popular adblocker extensions found in the Chrome Web Store with over 300,000 active users have been siphoning off user browsing history while also hijacking user’s social media accounts. The reason? The developer of the two projects sold the rights to another developer who allegedly inserted malicious code into the Chrome extensions.
In a post on the GitHub page for the Nano projects (Nano Adblocker and Nano Defender), original developer Hugo Xu said he no longer has the time to maintain them, so he sold them to an unspecified Turkish developer. That left 300K users in the hands of unknowns, which could have used the existing install base for malicious means.
Well, that’s exactly what happened, with the uBlock Origin extension maker noticing that the Nano extensions had some new code snippets, which in his estimation, turned them into malicious software. Those included checking if the user had opened the developer console, sending a “report” file to a server maintained by the Nano developers.
That’s not all it was doing though, with user browsing data being uploaded without the user’s consent. That browsing history seemingly also included session cookies, as many users reported that their browsers were automatically issuing likes to posts on Instagram, with no user input.
For their part, Google has already removed the Chrome Web Store’s extensions and issued a warning that they’re not safe to use. If you had either of them installed on your machine, you should probably remove them immediately. Seriously, do that now.
It’s also possible that the malicious code uploaded session cookies, so you should log out fully of every website you use. That should invalidate the siphoned cookies, keeping you safe. If you want to err on the side of caution, you should also change the passwords of every single site you’ve been using too.
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Chrome 86 is now available – here’s what to know
- Firefox and DuckDuckGo join Google Chrome as default browsers on iOS 14
- You can finally set Chrome as your default browser with iOS 14 – here’s how
- A new Chrome feature will hopefully keep websites from obliterating your battery
Follow us on Flipboard, Google News, or Apple News
