Infatica[.]io is one of the dubious firms luring IT developers of leading brands into including hidden botnets in their browser extensions. So, any add-on you use in your Apple, Google, Microsoft, or Mozilla browser can be spiked with botnets. Let’s explore the landscape a bit further with Brian Krebs in his blog article at Krebs on Security.
Spiking Browser Extension
Once users start relying on an extension, its developer is expected to ship regular updates and respond to service requests, and there is hardly any financial gain in doing so. Companies like Infatica offer such developers money to include dubious code in their popular extensions. A side income of $15 to $45 per month for every 1,000 active users is a decent pay package. Infatica can then use the users’ browsers to route traffic to questionable sites. Hao Nguyen, the developer of ModHeader, received many negative reviews from his users when he accepted the Infatica deal.
Reasons for Popularity
According to chrome-stats.com, more than 100,000 browser extensions are no longer actively supported by their authors, who are willing to sell them off along with their user base. The situation becomes worse when brands like Google want to stop paid Chrome extensions. “It’s a really tough marketplace for extension developers to be able to monetize and get rewarded for maintaining their extensions,” says Nguyen. So, more developers are open to making quick money from their creations by dealing with disreputable firms.
Infatica’s codebase has been present in at least 36 popular browser extensions for a few years now. Video Downloader Plus is one of them, and it has over 1.4 million active users. However, Infatica founder and director Vladimir Fomenko, who also owns iNinja VPN, was not available for comment. The VPN extension has over 400,000 users. He has also operated King Servers for years, which was linked to the 2016 compromise of Arizona and Illinois election databases. Luminati, or HolaVPN, is another such VPN/proxy service provider.
Some Chrome browser extensions require no special permissions, while others can view which websites you frequent, scan your browsing history, and see your open tabs. More than 68,000 Chrome extensions have code that “alter the appearance and functionality of specific sites,” warns Krebs.
Even plugins for WordPress and Joomla are not spared. Carefully read through the permissions you are granting to browser extensions. If an update to an existing extension asks for more permissions than the previous version had, do not upgrade if possible. If a website wants you to download an extension before viewing its content, never download it. To see how many extensions you have, click on the three dots on the right of your address bar. Click on ‘More Tools’ or ‘Add-ons’ then ‘Extensions’.
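One way to act on the advice about updates that ask for more permissions is to diff the `manifest.json` of the installed version against the update before accepting it. The following is an added example, not code from the original article; the shortlist of sensitive permissions, the function names, and the two sample manifests are assumptions constructed for illustration.

```javascript
// Permissions that expose browsing activity or let an extension handle traffic.
// This shortlist is an assumption for the example, not an exhaustive list.
const SENSITIVE = new Set([
  "tabs", "history", "webRequest", "webRequestBlocking",
  "cookies", "proxy", "declarativeNetRequest",
]);

// Host patterns such as <all_urls>, *://*/* or https://*/* match every site.
function isBroadHost(p) {
  return p === "<all_urls>" || /^(\*|https?|wss?):\/\/\*\/\*?$/.test(p);
}

// Collect every permission or host pattern a manifest requests (MV2 and MV3 keys).
function requested(manifest) {
  const out = new Set(
    [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
      .filter((p) => typeof p === "string")
  );
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) out.add(m);
  }
  return out;
}

// Report what the new version asks for that the old version did not.
function diffPermissions(oldManifest, newManifest) {
  const before = requested(oldManifest);
  const added = [...requested(newManifest)].filter((p) => !before.has(p)).sort();
  const risky = added.filter((p) => SENSITIVE.has(p) || isBroadHost(p));
  return { added, risky, holdUpdate: risky.length > 0 };
}

// Constructed sample manifests (not taken from any real extension).
const v1 = {
  manifest_version: 3, version: "1.0.0",
  permissions: ["storage"],
  host_permissions: ["https://video.example/*"],
};
const v2 = {
  manifest_version: 3, version: "1.1.0",
  permissions: ["storage", "tabs", "proxy"],
  host_permissions: ["https://video.example/*", "*://*/*"],
};

console.log(diffPermissions(v1, v2));
```

An update that only adds a low-impact permission is listed under `added` without setting `holdUpdate`, so the check separates routine changes from ones worth holding back.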
To view the original article, visit the following link: https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/