16 Nov “Browser-Secure” Extension Secretly Harvests Facebook, LinkedIn Contact Info
A Chrome extension called Browser-Secure has recently been discovered to be gathering details from users’ Facebook and LinkedIn accounts in secret, which it will then send to a remote server.
The extension uses maladvertising tactics to promote itself. A user may be led to a site that displays a warning message, which will then show a prompt to install the extension. Once installed, it will extract information such as name, email address, gender, mobile number, and address from the user’s Facebook and LinkedIn accounts which it uploads to the developer’s server.
Meanwhile, the extension’s search “security” feature redirects the user to http://www.browse-secure.com, then back to Google which enables the developer to track queries and associated IP addresses.
Source: Bleeping Computer