SweX 871 Posted April 7, 2015 Share Posted April 7, 2015 (edited) Swedish newspaper DN had this story about the Chrome extension "webpage screenshot" today, so I made a rough translation of the important bits from the article..... According to the article it will send data each minute about what websites you have visited to a server in the U.S., even from secure connections. It does not collect content from visited websites or content from emails, but it has capabilities to do that if the "dev" want to. The "dev" says to DN that the purpose with collecting all this is to build up statistics on browsing behaviours and sell it because it has a high commercial value, and he point out that it's not data from individuals that is interesting but browsing behaviours as a whole. The code that makes the spying possible is not present in the extension's source code at first, but gets downloaded from the Internet some time after install, and the spying begins around 1 week after install. Which could be one reason to why the extension passed the security checks. Original: hxxp://www.dn.se/nyheter/sverige/hemlig-kod-spionerar-pa-svenskars-surfvanor/ Translated: https://translate.google.com/translate?sl=sv&tl=en&js=y&prev=_t&hl=sv&ie=UTF-8&u=http%3A%2F%2Fwww.dn.se%2Fnyheter%2Fsverige%2Fhemlig-kod-spionerar-pa-svenskars-surfvanor%2F&edit-text=&act=url The extension at the google store (don't install it): https://chrome.google.com/webstore/detail/webpage-screenshot/ckibcdccnfeookdmbahgiakhnjcddpki?hl=sv [privacy] The notice you see about having access to your history and website data is automatically generated because Webpage Screenshot uses chrome extensions api. Be sure that it doesn't look at your private data!A researchers from UC Berkeley tested and review the source code of this extension. For your own privacy, Webpage Screenshot Capture will not send anything to any server. hxxp://mac.softpedia.com/get/Internet-Utilities/Webpage-screenshot-for-Chrome.shtml Edit: The above link doesn't work anymore, but I remember that the Developer name at Softpedia was "Amina" which is beginning of the first name Aminadav Glickshein. Edited April 10, 2015 by SweX Link to comment Share on other sites More sharing options...
rugk 397 Posted April 7, 2015 Share Posted April 7, 2015 (edited) Now it seems as it was deleted... A few minutes ago I could access it in the Chrome store, now it only displays an error. ("Item not found. This item may have been removed by its author.") Edited April 8, 2015 by rugk Link to comment Share on other sites More sharing options...
SweX 871 Posted April 8, 2015 Author Share Posted April 8, 2015 (edited) Now it seems as it was deleted... A few minutes ago I could access the Chrome store, now it only displays an error. ("Item not found. This item may have been removed by its author.") Yeah very good... Edited April 10, 2015 by SweX Link to comment Share on other sites More sharing options...
SweX 871 Posted April 10, 2015 Author Share Posted April 10, 2015 (edited) Popular Chrome extension turns out to be Spyware! If an extension is listed for Chrome and has a decent rating, it is surely safe to install, right? Maybe not. In today’s world spying has become a common activity. That does not mean though that it is any more acceptable. A Chrome extension known as Webpage screenshot collects private information about its users and shamelessly sells it to a third party. What is astonishing is that the extension has an excellent rating of 4.5 stars and has been downloaded by 1.2 million users worldwide. This highlights the lack of awareness among customers as to what such programs actually do behind the scenes. According to the founder of the CSIS Security Group, Peter Kruse:“To avoid any security check or detection mechanism from Google, Webpage Screenshot includes a sleep function, so that the spyware-like behavior will not be activated right away, but a week later.” Google’s security check usually filters out malicious extensions from the chrome library, which is probably why the original software does not act like spyware at all. After a week however, it downloads additional components/code and commences the spying program. This way, the spyware part of code evades the scanners. Once activated, the spyware component collects sensitive information about the user and transmits it to the ip address: 64.34.175.88, located in New York, USA. hxxp://blog.emsisoft.com/2015/04/10/popular-chrome-extension-turns-out-to-be-spyware/ Edited April 10, 2015 by SweX Link to comment Share on other sites More sharing options...
SweX 871 Posted April 10, 2015 Author Share Posted April 10, 2015 Where is this extension coming from? The extension homepage is located at this address webpagescreenshot[.]info, with the following registrant information: Registrant Name:Danny Gembom Registrant Organization: Registrant Street: Rehovot POB 80 Registrant City:Rehovot Registrant State/Province: Registrant Postal Code:38819 Registrant Country:IL Registrant Phone:+972.542290258 It also features an email address, which makes use of the domain bubbles.co.il. This domain gives us more detailed information: person: Aminadav Glickshein address: Nof Ayalon P.O.B 6 address: D.N. Shimshon address: 99785 address: Israel phone: +972 8 9790049 e-mail: AminadavG AT gmail.com How does Webpage Screenshot behave? We will present shortly the main events that occur when this extension is installed: 1. The user installs the extension from Google Chrome Web Store. 2. A week later the spyware capabilities are activated, by downloading additional code from the web . This smart behavior allows the extension to evade any security check from Google, which cannot analyze the entire code and detect its spyware features. 3. Once the extension has activated its private data collecting ability, the sensitive information that can be used to identity an individual is transmitted in the United States at the following IP address: 64.34.175.88 (Serverbeach, New York, USA). 4. The analyzed IP address gives us a number of subdomains related to this service: webpagescreenshot[.]info c.webpagescreenshot[.]info ch.webpagescreenshot[.]info s1.webpagescreenshot[.]info ww.webpagescreenshot[.]info che.webpagescreenshot[.]info ftp.webpagescreenshot[.]info www.webpagescreenshot[.]info cheg.webpagescreenshot[.]info youtube.cwww.webpagescreenshot[.]info ywww.webpagescreenshot[.]info youtube.cowww.webpagescreenshot[.]info yowww.webpagescreenshot[.]info youtube.comwww.webpagescreenshot[.]info youwww.webpagescreenshot[.]info youtwww.webpagescreenshot[.]info youtuwww.webpagescreenshot[.]info youtubwww.webpagescreenshot[.]info https://heimdalsecurity.com/blog/webpage-screenshot-leaks-private-data-million-users/ Link to comment Share on other sites More sharing options...
rugk 397 Posted April 11, 2015 Share Posted April 11, 2015 (edited) A Chrome extension designed for the taking and annotation of screenshots has been found to be leaking sensitive data from its 1.2 million users, reports SC Magazine. The extension, named Web Screenshot, had been given a 4.5 rating from users, unaware that it contained code that was scraping personal data and sending it back to a central US server. Google pulls Chrome screenshot extension, after it leaks personal data - WeLiveSecurity.com Edited April 11, 2015 by rugk Link to comment Share on other sites More sharing options...
Recommended Posts