The Extension for Chrome, Designed to Protect Users, Steals Information from LinkedIn and Facebook

Nov 16, 2017 | 2:19 pm

Published by | Chandan Singh

How to Protect FB and Linkedin Account :-

A well-known IB specialist and founder of the Bleeping Computer resource, Lawrence Abrams,discovered in the Chrome Web Store a suspicious extension called Browse-Secure, which is advertised as a tool that guarantees its users secure, encrypted, and truly anonymous search.

Unfortunately, in fact, the extension steals data from LinkedIn and Facebook accounts and sends them to a remote server.

(Protect FB and Linkedin Account)

Although the extension page in the Chrome Web Store does not cause any particular suspicion (except maybe the date of adding to the catalog and the lack of illustrations), Abram writes that Browse-Secure is advertised on third-party sites using a standard fraudulent scheme: the user is shown a fake message about security problems and recommends urgently load the extension, which will fix everything. An example of such advertising can be seen below.

After installation, Browse-Secure communicates with its backend at backend.chupashop.com/getuid4search, and the user is assigned a UID, which is then used to identify that specific browser and installation.

The extension then accesses the crawl.json file that it contains. The file contains a set of rules and URLs to which Browse-Secure accesses to retrieve data.

URL Retrieve data
http://www.facebook.com/me/about Name, date of birth
https://www.facebook.com/me/about?section=contact-info Sex, address
https://www.facebook.com/settings Email address
https://www.facebook.com/settings?tab=mobile Mobile phone number
http://www.linkedin.com/psettings/email Email address
https://www.linkedin.com/profile/edit-basic-info Full name

As soon as the information is collected, the extension is reconnected to the backend and downloads all the collected data to the remote server.

Abrams writes that it is not yet known for what purpose Browse-Secure developers need personal information of users. The obtained data can be used both for carrying out directed phishing attacks, and for realization of more primitive fraudulent schemes, for example, for delivery of a spam (including the present, paper).

As for the extension of the function of secure, encrypted and anonymous search stated in the description, the researcher is not sure how much these statements are true. So, after installing Browse-Secure in the search bar, an icon appears that shows the lock (see below), and requests to search engines Google, MyWebSearch, Bing, MSN, Ask, WoW, MyWay, AOL and SearchLock are redirected, of the form http://www.browse-secure.com/search?a=[id_extension]&q=[earch search]. After this, the user redirects back to Google or another search engine. That is, the developers of Browse-Secure also track the IP addresses of their victims, as well as “see” all their search queries.

At the end of the article, Abrams recalls that one should not trust a deliberately aggressive and frightening advertisement that suggests something to be installed. Also, the specialist recommends downloading only the checked extensions for the browser, having carefully read the reviews on the Chrome Web Store page. After all, these days, extensions are often used by intruders to track users’ search queries, implement advertisements in the code of web pages, or for the purpose of redirecting victims to partner sites, each transition to which brings money to developers of such an adware. You read our this blog for tips about “Protect FB and Linkedin Account” and if you wanna read more good blogs about cyber security, information security and hacking etc then visit our website blog page and read to be updated with information security.