A free extension to Google Chrome that has been downloaded by 1.3 million users has been caught stealing personal information and sending it back to a single server in the US.
The code was hiding in an app called ‘Webpage Screenshot’, available from the official Chrome store, which has now been removed. The rogue extension sent information visible in the user's page title, to the mysterious American IP address, say researchers, though “what happens to the personal data and the motives for wanting it sent to the US server is anyone's guess.”
Adware disguised as apps or downloads are nothing new, and now new research from Google, due to be published at the IEEE Symposium on Security and Prviacy next month, has revealed that around 5% of people accessing Google every day have been caught by at least one of them, amounting to over 14 million users. As a result of the findings, Google has removed nearly 200 malicious extensions from its Chrome store.
You can read the full story on Information Age here.