Jump to content

EU Cookie Law Popup Pushes Dodgy Chrome Extension Down Your Throat


Batu69

Recommended Posts

Cookie consent script spams website visitors

eu-cookie-law-popup-pushes-dodgy-chrome-

   Extension that users were tricked to install

 

Belgian security researcher Bart Blaze has come across a new method of pushing Chrome extensions using scareware tactics.

The researcher noticed this new trick while surfing the Web. When on a particular site he did not want to name, he noticed an annoying popup trying to scare users into thinking their browser contained malware.

"Your browser contains MALWARE. You have to install Chrome Malware Removal tool," the popup read, which when the user pressed OK, would redirect him to a Google Chrome Web Store page, where the user could install the Chrome Malware Removal Tool extension.

Trying to figure out if the website he was visiting was somehow hacked and compromised to show such annoying popups, the researcher couldn't find anything suspicious in the site's source code.

He did find the source of the popup, but not in the site itself, but in a script loaded by a third-party service which the website had contracted to show its EU Cookie Law consent popups.

The EU Cookie Law popup was secretly loading the second pop-up, which it was using to push the shady Chrome extension down the user's throats.

And we say shady because if you take a look at the Chrome extension's user reviews, half of them are from users accusing the tool of being malware itself.

"Stay clear from scripts offered by 3rd party EU cookie consent websites and rather create your own pop-up," Blaze advises fellow webmasters.

 

eu-cookie-law-popup-pushes-dodgy-chrome-

 Popup that appeared on the hijacked site

 

Article source

Link to comment
Share on other sites


  • Views 558
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...