Google has removed two ad blocker extensions from the official Chrome Web Store over the weekend after the two were caught collecting user data last week.
The two extensions were named Nano Adblocker and Nano Defender, and each had more than 50,000 and 200,000 installs, respectively, at the time they were taken down.
The two had been around for more than a year, but the malicious code was not included with the original versions.
The data collection code was added at the start of this month, in October 2020, after the original author sold the two extensions to “a team of Turkish developers.”
After the sale, several users, including Raymond Hill, the author of the uBlock Origin ad blocker, came forward to point out that the two extensions were modified to include malicious code.
“The extension is now designed to lookup[sic] specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com,” Hill said.
After further analysis, this malicious code was exposed to collect information about users, such as:
- User IP address
- Country
- OS details
- Website URLs
- Timestamps for web requests
- HTTP methods (POST, GET, HEAD, etc.)
- Size of HTTP responses
- HTTP status codes
- Time spent on each web page
- Other URLs clicked on a web page
In addition, the two Turkish developers also never modified the two extensions’ author fields, leaving the original author’s name in place, in what appeared to be an attempt to hide the sale and the culprit behind the malicious code.
After being called out on GitHub, the two Turkish developers created a privacy policy page where they attempted to disclose the data collection behavior in a misguided attempt to legitimize the malicious code.
However, this only made things easier for Google’s staff, as any type of extensive data collection is forbidden, per Chrome Web Store rules.
The two extensions were taken down over the weekend and disabled in users’ Chrome browsers.
The Firefox versions of Nano Adblocker and Nano Defender never contained the malicious code, as they were not part of the sale and were managed by a different developer.