Hey everyone, Nuked here! Let’s dive into a fascinating and slightly alarming story about how browser extensions can unintentionally turn your browser into a secret web-scraping machine.
Nearly a million browsers worldwide have installed extensions that secretly bypass security measures to scrape websites for paid clients. These extensions, compatible with Chrome, Firefox, and Edge, have been downloaded close to 909,000 times. They serve normal functions like managing bookmarks or boosting volume, but they share a common backbone: a JavaScript library called MellowTel-js, designed for monetizing extensions.
This library enables developers to turn their extensions into tools that secretly scrape website data for advertisers and other clients. The shady part? Instead of just managing your bookmarks, these extensions secretly open a web connection to gather data, effectively turning your browser into a bot! The data is then sent to a web service called Olostep, which claims to access websites without detection, processing up to 100,000 requests per minute.
Critics like researcher John Tuckner believe that these extensions weaken browser security by dynamically modifying security headers and web requests, which removes protections the browser would otherwise enforce. With those safeguards bypassed, users are exposed to potential attacks like cross-site scripting. The extensions also open unknown websites within hidden iframes, leaving users unaware of what content is being loaded behind the scenes.
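For anyone auditing an installed extension, the header stripping described above is something you can check for in the extension's request rules. The snippet below is an added example, not code from this post or from MellowTel; it assumes the extension applies its changes through Chrome's declarativeNetRequest `modifyHeaders` rules (for instance as returned by `chrome.declarativeNetRequest.getDynamicRules()`), and the sample rules are constructed.

```javascript
// Added example (not MellowTel or page code): audit declarativeNetRequest rules
// for modifyHeaders actions that remove or overwrite browser security headers.
const SECURITY_HEADERS = new Set([
  "content-security-policy", "content-security-policy-report-only",
  "x-frame-options", "x-content-type-options", "strict-transport-security",
  "cross-origin-opener-policy", "cross-origin-embedder-policy",
  "cross-origin-resource-policy",
]);

function findHeaderStrippingRules(rules) {
  const findings = [];
  for (const rule of rules ?? []) {
    const action = rule?.action ?? {};
    if (action.type !== "modifyHeaders") continue;
    // Header names are case-insensitive; "set" can replace a strict policy with a weak one.
    const stripped = (action.responseHeaders ?? [])
      .filter((h) => typeof h.header === "string" && SECURITY_HEADERS.has(h.header.toLowerCase()))
      .filter((h) => h.operation === "remove" || h.operation === "set")
      .map((h) => `${h.operation}:${h.header.toLowerCase()}`);
    if (stripped.length === 0) continue;
    // With no resourceTypes listed, a rule matches every type except main_frame,
    // so it still covers the sub_frame loads used for hidden iframes.
    const types = rule.condition?.resourceTypes ?? [];
    findings.push({
      id: rule.id,
      stripped,
      affectsSubFrames: types.length === 0 || types.includes("sub_frame"),
    });
  }
  return findings;
}

// Constructed sample rules (assumption: shape follows the declarativeNetRequest Rule type).
const SAMPLE_RULES = [
  { id: 1, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "Content-Security-Policy", operation: "remove" },
      { header: "X-Frame-Options", operation: "remove" } ] },
    condition: { urlFilter: "*", resourceTypes: ["sub_frame", "xmlhttprequest"] } },
  { id: 2, priority: 1,
    action: { type: "modifyHeaders", responseHeaders: [
      { header: "Cache-Control", operation: "set", value: "no-store" } ] },
    condition: { urlFilter: "example.test", resourceTypes: ["image"] } },
  { id: 3, priority: 1, action: { type: "block" },
    condition: { urlFilter: "ads.example.test" } },
];

console.log(JSON.stringify(findHeaderStrippingRules(SAMPLE_RULES), null, 2));
```

A rule that both strips `X-Frame-Options` or CSP and applies to `sub_frame` requests is the combination worth escalating, since it is what lets arbitrary sites load inside a hidden iframe.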
The concerning part? Users trust these extensions to access publicly available data, but the security and trustworthiness of the accessed sites can change instantly if a site gets compromised. Enterprise networks are also at risk since many restrict code and site access, and these extensions could undermine those safeguards.
Despite some extensions removing the malicious library or being disabled, many still pose risks. A recent list from Tuckner shows that out of 45 Chrome extensions, some have been removed for malware, while others have simply updated to remove the library. Similar issues are present in Edge and Firefox extensions. It’s a wake-up call on how seemingly innocent tools can be exploited to turn regular browsing into a covert data collection operation.