Free and Open Source Software @beehaw.org vitonsky @programming.dev 1y ago

Browser extensions spy on you, even if its developers don't

vitonsky.net Browser extensions spy on you, even if its developers don't

I've developed a few browser extensions, and every week I receive numerous emails with "revenue offer". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations...

4 comments

Mozilla prohibits connections to the internet, which aren't necessary for the advertised functionality of an extension. So, these are rather "Chrome extensions" we're talking about...
I wonder how easy it would be to make an extension and fake it's popularity? Make make it intentionally broken or something, so users immediately uninstall it too.

Sounds like an easy $10k, assuming the scammers would actually pay.
Don't extensions get reviewed by the various stores? I'd imagine an automated check could catch malicious integrations like that.

Maybe not right away, but once they catch wind of one shady extension they could just search the store for any other ones.