Google has removed two ad blocking extensions from the Chrome Web Store because they were caught collecting user data. We are talking about Nano Adblocker and Nano Defender, and at the time of closure, the first extension had over 50,000 installations, while the second had about 200,000.
Malicious data collection code was added in expansion in early October 2020, when the author of Nano Adblocker and Nano Defender sold both extensions some "Turkish development team". Interestingly, the new owners did not even change the name of the author, clearly trying to hide the fact of the sale, so that the true cause of the appearance of the malicious code was more difficult to detect.
However, after the sale, many users, including the creator of the uBlock Origin blocker Raymond Hill, found that the behavior of the extensions had changed by no means for the better.
"Now the extension is designed to search (sic) specific information from outgoing network requests, in accordance with externally configured heuristics, and send this data to https: //def.dev-nano (.) Com", – wrote Hill.
After further analysis it was found that malicious code collects the following information about users:
- IP address;
- a country
- OS data;
- URLs of sites visited;
- Timestamps for web requests;
- HTTP methods (POST, GET, HEAD, and so on);
- size of HTTP responses;
- HTTP status codes
- time spent on each web page;
- other URLs that were clicked on the page.
Both extensions are currently removed and disabled in custom Chrome browsers.
It should be noted that the Firefox versions of Nano Adblocker and Nano Defender do not and have never contained malware, since they did not participate in the sale and in general managed by another developer…