Technadu
ModHeader Extension Removed for Covert Data Collection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The ModHeader browser extension, used by approximately 1.6 million users across Chrome and Edge, was removed after researchers discovered a dormant data-collection capability embedded in its signed release. The extension contained a hidden spyware SDK that could harvest and encrypt browsing data, although it was inactive due to an empty allow-list. Google and Microsoft took action to remove the extension from their stores following the findings, which were verified by a U.K.-based security firm. Users are advised to check and remove ModHeader from their devices as it remains installed unless manually deleted. The malicious infrastructure is linked to a domain masquerading as 'Stanford Studies,' with indications of a Chinese-speaking operator. The incident highlights vulnerabilities in trusted extensions and the potential for supply-chain attacks.
Key Points: • ModHeader extension, with 1.6 million installs, was removed for hidden data collection. • The spyware SDK was dormant but could be activated through future updates. • Users must manually remove ModHeader as it remains installed on their devices.