Nano Adblocker and Nano Defender contain malware: installed 300,000 times

Source: HW Upgrade added 23rd Oct 2020

The two Chrome extensions have changed ownership … and the new developers have introduced malicious code. The advice is to remove them immediately and change passwords.

By Andrea Bai, published at 10:51 in the Security channel

Red alert for two adblock extensions for Chrome: Nano Adblocker and Nano Defender, which together count up to 300 thousand installations, were compromised and in turn interfered with users’ social media accounts. The problems occurred after the two extensions changed ownership in the past few weeks.

Hugo Xu, developer of Nano Adblocker and Nano Defender, declared about two weeks ago that he no longer had time to maintain the project, and sold the rights to the two extensions in the Google Chrome Web Store. Earlier this week, however, Raymond Hill, author of the uBlock Origin extension on which Nano Adblocker is based, warned that the new owners of the two extensions have inserted malicious code.

Compromised adblockers: likes on Instagram and access to user accounts

Hill immediately noticed that the extensions checked whether the browser’s developer console was open and, if it was, sent a “report” file to a remote server. In other words, the extensions check whether the user is analyzing their behavior. A second unusual behavior of these two adblockers is the automatic sending of a large number of “likes” to posts on Instagram, without any user intervention.

Users of these extensions then noticed that their browsers were trying to access user accounts that were not already open. This behavior has led to the hypothesis that the extensions access authentication cookies and exploit them to gain access to user accounts.

“Since the newly added code was able to collect request headers in real time, this means that sensitive information such as session cookies may have leaked. I am not a malware expert, so I am not able to pinpoint everything that can be done when you have real-time access to the request headers, but I guess this is bad business,” Hill commented.

Remove compromised adblockers and change passwords

The evidence collected to date shows that the extensions are able to secretly upload user data and obtain unauthorized access to at least one website, thereby violating Google's terms of service. Google has removed the extensions from the Chrome Web Store and has also issued a warning indicating that they are not safe. The advice, for anyone who has installed these extensions, is obviously to remove them as soon as possible.

Nano Adblocker and Nano Defender are also available in the Firefox and Microsoft Edge extension stores. The versions for these browsers do not currently seem affected by the problem, although it is worth paying attention to the fact that Edge, based on Chromium, can also install extensions from the Chrome Web Store. Those who have used the Nano Adblocker and Nano Defender extensions on Edge from the Chrome Web Store should also remove them as soon as possible.
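To check whether either extension is still present in any Chrome or Edge profile, the following added example (not from the article or from either project) scans the on-disk extension directories and matches on the manifest name. Matching by name is an assumption, since the article does not give the extension IDs; the user-data paths are the browsers' usual defaults.

```python
import json
import os
from pathlib import Path

# Extension names taken from the article; matching by name is an assumption
# because the article does not list the Chrome Web Store extension IDs.
FLAGGED_NAMES = {"nano adblocker", "nano defender"}

def display_name(ext_dir, manifest):
    """Return the extension name, resolving __MSG_key__ via _locales if used."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = manifest.get("default_locale", "en")
    try:
        text = (ext_dir / "_locales" / locale / "messages.json").read_text("utf-8")
        messages = json.loads(text)
    except (OSError, ValueError):
        return name
    for msg_key, entry in messages.items():  # message keys are case-insensitive
        if msg_key.lower() == key:
            return entry.get("message", name)
    return name

def find_flagged(user_data_dir):
    """Scan <user data>/<profile>/Extensions/<id>/<version>/manifest.json."""
    hits = []
    for path in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        name = display_name(path.parent, manifest)
        if name.strip().lower() in FLAGGED_NAMES:
            profile, ext_id = path.parts[-5], path.parts[-3]
            hits.append((profile, ext_id, name, manifest.get("version", "?")))
    return sorted(hits)

if __name__ == "__main__":
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home))
    for base in (home / ".config/google-chrome", home / ".config/microsoft-edge",
                 home / "Library/Application Support/Google/Chrome",
                 home / "Library/Application Support/Microsoft Edge",
                 local / "Google/Chrome/User Data",
                 local / "Microsoft/Edge/User Data"):
        for hit in find_flagged(base):
            print(base, *hit)
```

Each hit gives the profile, extension ID, name and version, which identifies what to remove from that browser's extension manager.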

It is also important to underline that if the extensions were able to load self cookies