Ad blockers like Nano Adblocker and Defender are supposed to help filter out annoying advertisements while you browse the web. Unfortunately, the Chrome versions of the two ad blocking extensions were found to have malware installed that secretly uploading their browsing data and tampered with social media accounts.
This comes as a post on Github highlighted this problem occurred when the new owner of the extension rolled out updates that added malicious code.
The original developer of the extensions, Hugo Xu, explained that he sold the rights to the versions available in Google’s Chrome Web Store as he no longer had the time to maintain them.
Users of the extension noticed their browsers behaving strangely like automatically issuing ‘likes’ for many Instagram posts without any input by users. An artificial intelligence and machine learning research Cyril Gorlla told ArsTechnica that his browser liked more than 200 images from an Instagram account that did not follow anyone.
This isn’t the first time browser extensions have been up to no good. Earlier this month, another Chrome extension called User Agent Switch, which had more an installation base of more than 100,000 active users was doing the same thing. Google has since removed the offending extension.
Other users of the extension reported in a Github forum that infected browsers were also accessing their user accounts that weren’t already opened in their browsers. It is suspected that the extension was accessing authentication cookies and trying using them to gain access to user accounts.
Google has already acted by removing the offending extensions from its Chrome Web Store and issued a warning that they are not safe. It advises anyone who has installed the extensions to remove them immediately.
It should be noted that both Nano Adblocker and Nano Defender are also available on other extension stores like on Firefox and Microsoft Edge. The original developer claims that both these extensions are not affected by the malware. However, as the Edge browser can install extensions from the Chrome Web Store, there remains a possibility it too can be infected this way.
Because these extensions may upload your browsing session cookies means that anyone who has been infected should fully log out of all websites. By doing so, this would invalidate the session cookies and prevent anyone from using them to gain unauthorised access. If you are really paranoid, you can take it a step further by changing your passwords to be on the safe side.
This latest incident serves as a reminder that anyone can acquire an established browser extension and use it to infect a large user base. The only remedy to this problem to routinely review your browser extensions and remove those that you no longer use.