Security Researches Uncover Browser Extension Malware

Security expert Robert Heaton uncovered a nasty surprise when analyzing the popular browser extension Stylish. The seemingly innocent extension allowed uses to change website’s themes to their liking, but underneath it did something more sinister.

Every time a Stylish user visited a website, an obfuscated version of the URL was sent to Stylish servers. In essence, a user’s entire browser history was being recorded by the extension. Nobody can be certain what the data was being used for (whether malicious or innocent), but seeing that the extension was owned by SimilarWeb, we can assume is was used for analytics. SimilarWeb is a company that ranks websites and sells estimated traffic statistics based on information they gather. Apparently, browser extensions are a source of data they use. What is most concerning, is we don’t know if individual user’s website histories were being sold and it is unlikely if we will ever find out.

This is another example of why it is important to read the long “Privacy Policy” and “Terms of Service.” In fact, Stylish actually said that they “may record what websites you visit for quality assurance.” That innocent little statement gives them the ability to record your web history and protect themselves from legal repercussions. This isn’t the first time we have seen companies seek nasty things into their privacy policy and it won’t be the last. At times over 20 pages long, privacy policies are something that nobody actually reads. The legal implications of this are drastic but until the government steps in, it is what we are left to deal with.

So, who knows what other extensions are doing similar things? I can’t imagine how terrible things could turn out if an extension started stealing banking details or recording your credit card number. Hopefully, Google and Mozilla put a stop to these practices and audit extensions to stop things like this from occurring. In any event, it is best to use a browser without any third-party components for when you need security the most.