As outlined in Tech Radar, a popular browser extension named ModHeader, which had amassed over 1.6 million downloads across Chrome and Edge, has been identified as containing malicious spyware. The extension was found to be exfiltrating visited domain data to a server linked to Chinese actors.Security researchers at Stripe OLT discovered that version 7.0.18 of ModHeader included a hidden spyware SDK. This SDK was designed to collect visited domains, encrypt the data using AES-GCP, and transmit it daily to a server with Chinese ownership. While the data collection feature was inactive by default, the necessary code, encryption key, and upload schedule were embedded within the extension. The extension also functioned as adware, displaying ads and opening advertising tabs. The researchers attributed the attack to a Chinese-speaking threat actor with low confidence, with evidence including routing emails through Lark and Chinese strings within the code.Microsoft and Google have since removed ModHeader from their respective stores. However, users who had the extension installed prior to its removal remain at risk, and defenders are urged to identify and remove existing installations to prevent further data exfiltration.Source: Tech Radar
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




