Risky Bulletin Browser extensions hijacked for web scraping botnet

More than one million users have installed browser extensions that turn their browsers into proxies for a web scraping botnet.

The extensions contain a library named Mellowtel that waits for users to go inactive, disables page security protections, and then loads a remote website inside a hidden iframe. The parsed/scraped website is then sent to a remote URL for analysis.

SecureAnnex found the Mellowtel library in 245 extensions for Chrome, Edge, and Firefox.

Some developers have started removing it from their code after the browser makers started cracking down on its use. Currently, 12 of the 45 Chrome extensions have removed it, 8 of the 129 Edge extensions, and 2 of the 69 Firefox ones.

To read the complete article see: Risky Bulletin

Learn more here: SecureAnnex Blog