Experts get Google, Microsoft to pull trusted ModHeader with 1.6 million installs after finding it could harvest all kinds of data



  • Stripe OLT found ModHeader v7.0.18 carried a hidden spyware SDK, exfiltrating visited domains daily to a Chinese‑owned server and acting as adware
  • The extension had 1.6M downloads across Chrome and Edge before being pulled but installed endpoints remain at risk
  • Researchers urge defenders to identify and remove existing installations, as removal from stores does not automatically remediate compromised devices

ModHeader, a trusted Chrome and Edge browser extension with more than 1.6 million downloads, was found to be malicious, apparently sending sensitive data to a Chinese-owned server, and has since been pulled on both repositories.

Security researchers Stripe OLT revealed the news in a new report, outlining how a ModHeader build v7.0.18 carried a hidden spyware SDK.

https://cdn.mos.cms.futurecdn.net/97XMVxvuGbBvxfxdd8VJqH-2560-80.jpg



Source link

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img