Hasty Briefsbeta

Bilingual

Analysis: Popular Chrome Extension ModHeader Exfiltrates User Data

4 hours ago
  • #Data Exfiltration
  • #Browser Extension
  • #Privacy Invasion
  • ModHeader is a Chrome extension with over 1.6 million installs that exfiltrates browsing data to api.stanfordstudies.com.
  • The extension uses AES-GCM encryption, IndexedDB storage, randomized upload timing, and evidence deletion after data exfiltration.
  • It collects all visited domains, a unique device fingerprint, and browser identity, uploading after 1,000 domains or 24 hours.
  • Stealth mechanisms include encrypted payloads, self-destruction of local data, and silent error handling to evade detection.
  • The extension also reports install, update, and uninstall events to extensions-hub.com for additional tracking.
  • Browser extensions are a security blind spot, allowing such exfiltration due to broad permissions and limited review processes.
  • Users are advised to remove ModHeader and use open-source alternatives, with a report filed to the Chrome Web Store.