Browser extensions turn nearly 1 million browsers into website-scraping bots
1 min read
Summary
Almost one million people have downloaded browser extensions that undermine key security features to act as engines for website scraping on behalf of a paid service, according to reports.
The extensions, which have been available for Chrome, Firefox and Edge, include those for managing bookmarks, boosting speaker volume and generating random numbers.
They all, however, use the MellowTel-js library, which allows developers to monetise their extensions, by scraping websites on behalf of paying customers, mostly advertisers, who want to access specific web pages.
The analyst who discovered the practice, John Tuckner, from SecurityAnnex, posits that MellowTel, the creator of the library, and Olostep, a web-scraping API company, are linked and that the scraping requests are distributed to any active extensions that are running the MellowTel library.
