Recherche : [secureannex]

Enterprise Software Extension Security & Management Platform https://secureannex.com/blog/mellow-drama/

09/07/2025 09:14:11

How the Mellowtel library transforms browser extensions into a distributed web scraping network, making nearly one million devices an unwitting bot army.

Many developers begin creating browser extensions with a strong passion to solve problems they believe others might face as well. Eventually, as extensions become more popular, the added burden of updates and maintenance can weigh heavily on developers who likely have other priorities. These developers might try to find paths to monetize their extensions, but it often isn't as simple as just putting a price tag on them.

There are a handful of "monetization-as-a-service" companies that have emerged, promising developers a way to be compensated for their hard work. These companies offer software libraries that can be easily added to existing extensions (sometimes without requiring any new permissions!) and in return, extension developers begin getting paid as their extensions are used. Does that sound too good to be true?

There are several of these libraries, but some of the more popular ones track user browsing behaviors to generate 'clickstream' data. The companies creating these libraries are targeting developers and are often advertising technology firms that aggregate the data and offer their clients (very large companies) realistic profiles of browsing behaviors for advertising purposes.

Recently, we discovered a new monetization library developed by Mellowtel that pays extension developers in exchange for the "unused bandwidth" of users who have an extension installed. The reality could be far more sinister. We'll cover what that actually means, who is actually behind the library, and the cybersecurity risks a company should consider if they find an extension using this library.

Searching for something unknow https://secureannex.com/blog/searching-for-something-unknow/

13/04/2025 10:51:44

After the release of the Secure Annex ‘Monitor’ feature, I wanted to help evaluate a list of extensions an organization I was working with had configured for monitoring. Notifications when new changes occur is great, but in security, baselines are everything!

To cut down a list of 132 extensions in use, I identified a couple extensions that stuck out because they were ‘unlisted’ in the Chrome Web Store. Unlisted extensions are not indexed by search engines and do not show up when searching the Chrome Web Store. The only way to access the extension is by knowing the URL.

Secure Annex - Enterprise Browser Extension Security & Management Platform https://secureannex.com/blog/buying-browser-extensions/

19/03/2025 21:07:40

An investigation into buying access to browsers through extensions

Liens par page

Filtres