The Chrome ad blocker collects user data |
After discovering that the extension was collecting user data, Google removed the ad blocker from the official Chrome Web Store.
The first plug-in is called Nano Adblocker and at the time of the removal, more than 50,000 installations were installed.
The second accessory is called the Nano Defender, and at retirement time, more than 200,000 installations have been installed.
(Nano Adblocker) and (Nano Defender) have been around for over a year and the original release didn't contain any malicious code.
After the original author sold these two additions to a group of Turkish developers, the data collection code was added in early October 2020.
After the sale, several users, including uBlock Origin author Raymond Hill, said both plugins have been modified to contain malicious code.
Hill said: The extension is now designed to find specific information from outbound network requests based on an externally configurable conclusion and send it to (https://def.dev-nano.com).
After further analysis, it emerged that the malicious code was gathering information about the user, such as:
- The user's IP address.
- country.
- OS details.
- Website address.
- Timestamp of the web request.
- Method (http).
- (HTTP) Number of replies.
- Status code (HTTP).
- Time spent by each side.
- The website title was clicked on the page.
In addition, the Turkish developers have never changed the "author" field for the attachment, but they have kept the original author's name. This appears to be an attempt to cover up the sales and take responsibility for the malicious code. .
Two Turkish developers created a privacy policy in which they tried to expose data gathering behavior but legalized the malicious code.
However, this makes the job easier for Google employees, because according to Chrome Web Store rules, any form of group data collection is prohibited.
These two extensions have been removed and disabled in the user's Chrome browser.
The versions of Firefox (Nano Adblocker) and (Nano Defender) never contain malicious code, as these versions are not part of the sale but are managed by other developers.