Google Chrome users have been put on alert about Chrome extensions that collect user information

Google Chrome fans are being warned about a number of popular extensions found on the Chrome Web Store that collected sensitive user data. The Google Chrome data collection was described by one expert as a "huge spyware campaign". It was discovered by Andrey Meshkov, co-founder of Adguard, who said the data collection starts once a victim is logged into their Facebook account. The offending Chrome extensions, which have been downloaded hundreds of thousands of times, scrape data immediately after the browser starts up. In a blog post, Meshkov said all Facebook data is scraped and the extensions even try to go through a victim's purchase history. Other data that is targeted includes posts, sponsored posts, tweets, YouTube videos and adverts a victim has seen and interacted with. This data is then collected and sent to a third-party firm called Unimania who it is claimed then sells the data to other parties for revenue. According to Meshkov's findings, the data collection campaign affects Android apps as well as extensions for the market leading Google Chrome internet browser.

Google Chrome - The 11 hidden tricks EVERY Chrome users needs to know Wed, March 15, 2017 Google Chrome is the most popular web browser on the planet. It is easy-to-use, lightning-fast, and has a tonne of hidden tricks and features that you probably do not know about. Here's how to get the most from your web browser. Play slideshow EXPRESS NEWSPAPERS 1 of 12 Here's how to get the most from your web browser

Introducing his findings, Meshkov said: “The story begins with the recent research I conducted about fake ad blockers in the Chrome Web Store. “The outcome of that research was that I received dozens of questions about whether this or that extension is safe to use. “This made me take a deeper look into the most popular Chrome extensions, but even so, I had no idea at that time where this investigation was going to lead me. “In fact, it exposed to me a huge spyware campaign that utilises popular Android apps and Chrome extensions to steal Facebook data and the browsing histories of millions of users.”

According to Adguard, there were four Chrome extensions that collected user data and shared it with a third-party advertiser. It total these offending extensions were used by almost 420,000 Google Chrome users. The most popular of which was the ‘Video Downloader For Facebook’ extension which was downloaded by more than 170,000 users. Here are the four Google Chrome extensions Adguard highlighted: • Video Downloader For Facebook (More than 170,000 users) • PDF Merge – PDF Files Merger (More than 92,000 users) • Album & Photo Manager For Facebook (More than 125,000 users) • Pixcam – Webcam Effects (31,000 users)

The offending Google Chrome extensions were found on the Chrome Web Store

Meshkov added Unimania, who were mentioned in the extension’s privacy policy, were transparent about what data they collected. Under the header ‘What Information We Collect and How We Collect It’ in Unimania's own privacy policy, the company said: “In general, the Information we collect includes nonpersonally identifiable demographic and psychographic data as well as sponsored campaigns, advertisements or posts that target you directly or that have been shared with you.” In his findings, Meshkov added: "This was not just a matter limited to Chrome extensions, and I realised that I needed to continue my investigation. "To this end, some good news was that we already had some data collected while preparing a study on mobile apps tracking and I could make use of it and query it right away.

Google Chrome is the world's most popular internet browser

"That's how I found one particular app that was connecting to the Unimania servers. "This was an alternative Facebook client called "Fast - Social App" with a record of more than 10,000,000 installs according to Google Play. "The app developer does not bother to hide that fact and mentions Unimania in the privacy policy." The Adguard co-founder reported the affected Android apps and Chrome extensions to Google.