Creating new perspectives since 2009

Spyware found in popular Google Chrome add-on

April 8, 2015 at 2:16 pm

Swedish IT security experts warn that information on what’s searched online is being leaked through a Google Chrome add-on. Swedish Daily newspaper Dagens Nyheter reported on Tuesday that several Swedish companies and more than one million Internet users were exposed to espionage through their computers.

Cristian Mariolini, expert at IT security company Sentor MSS, told Dagens Nyheter that a hidden code had been placed inside a program called Webpage Screenshot – used by the Google Chrome browser. The software is used for taking screenshots and saving them on the computer.

IT security expert Mariolini told Dagens Nyheter that his company discovered that, through a hidden “spy code” within the Webpage Screenshot program, information on what’s being searched online by users was being sent to a server registered in the US.

However, the IP address – as well as the phone number – of the server is registered to a private person whose address is in Israel, according to Dagens Nyheter.

Mariolini said: “We monitor our customers’ networks for signs of hacking. A few weeks ago, we found a strange pattern in the traffic of several companies. After talking with them, we found this plug-in which was installed on the computers that behaved strangely.”

The owner of Webpage Screenshot confirmed to Dagens Nyheter that he added a code which sends the data regarding sites users visit. He said the purpose was to “produce statistics on surfing behavior” and then sell it.

At the time of writing, the add-on has been removed from the Chrome Add-Ons Marketplace, and as such can not be installed. No police reports have been made as police rarely have the ability to investigate such cases, according to Dagens Nyheter.