Is Your Browser Extension A Botnet Backdoor?

krebs-on-security-banner

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

Singapore-based Infatica[.]io is part of a growing industry of shadowy firms trying to woo developers who maintain popular browser extensions — desktop and mobile device software add-ons available for download from Apple, Google, Microsoft and Mozilla designed to add functionality or customization to one’s browsing experience.

Some of these extensions have garnered hundreds of thousands or even millions of users. But here’s the rub: As an extension’s user base grows, maintaining them with software updates and responding to user support requests tends to take up an inordinate amount of the author’s time. Yet extension authors have few options for earning financial compensation for their work.

Read the rest of the story…

2 thoughts on “Is Your Browser Extension A Botnet Backdoor?”

  1. Brian Krebs is a national hero (international, actually). His weekly live Friday forums at The Post are still remembered fondly (and missed) by many.

    1. Richard Pedersen

      He is definitely an asset to the security world and we are fortunate in that he has given us permission to use his article excerpts.
      Thank you, Brian!

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!