Extensions installed on almost 1 million devices have been found to bypass essential security protections and transform browsers into tools that scrape websites for a paid service. These extensions, available across Chrome, Firefox, and Edge, have amassed close to 909,000 downloads. The plugins' main purposes range from managing bookmarks and clipboards to enhancing audio volume and generating random numbers.
However, a common element among all these extensions is their integration of MellowTel-js, an open-source JavaScript library that developers use to monetize their extensions. Security researcher John Tuckner from SecurityAnnex uncovered that the monetization method involves covertly using these extensions to scrape data from websites for paying customers, including advertisers.