14 DAY TRIAL // Webpage Screenshot, a browser extension available until recently in Google Chrome’s Web Store, has been delivering browsing information collected from a large amount of users to a server in the US, recent analyses have found.
As its name suggests, the extension offers functions for taking snapshots of web pages, and it also provides different drawing tools to highlight portions of the image. Apart from the 4.5 rating received from users and video tutorials, the 1.2 million downloads also speak about the popularity of the product.
Spying code is received a week after installation
To quash suspicions of illegal activity, the extension would behave normally at the beginning, and it would start the spying activity after a week, when it would receive the necessary code, security researchers have found.
The initial discovery was made by experts at Swedish security company Sentor, providers of managed security services. They found that the content of the pages was not transmitted to the remote location, which means that sensitive data such as that included in emails or message clients is not passed along.
However, the title of the page is exposed, and web-based email clients make available the username in this area, thus leading to the possibility to identify individuals.
“To avoid any security check or detection mechanism from Google, Webpage Screenshot includes a sleep function, so that the spyware-like behavior will not be activated right away, but a week later,” says Peter Kruse, founder of CSIS Security Group.
Google removed the spying extension from Web Store
The purpose of collecting the information was to create statistics about surfing behavior and sell them to a third party, such as marketing or advertising companies.
The developer of the extension told Swedish publication DN.se that individual web navigation was not relevant, as the focus of the studies was on the web pages that were accessed.
Heimdal Security researchers checked the homepage of the product (webpagescreenshot[.]info) and discovered that the registrant of the domain was one Danny Gembom from Israel.
Google has removed Webpage Screenshot from the Web Store, but the tactic employed by the developer in this case emphasizes the fact that a better security stance approach should be adopted by the company with regards to browser extensions in order to protect its clients from malicious activity.
