
Over 11 million people have installed spyware from 'Big Star Labs'


Matrix


Apps are quietly collecting full browser histories against Google rules

 


In brief: A new batch of spyware has been discovered by AdGuard Research. The malware comes in the form of Android apps (and one unsanctioned iOS app) and extensions for Chrome and Firefox. The apps are owned by a company called "Big Star Labs," but nothing is known about it.

Security researchers at AdGuard discovered multiple browser extensions and apps that were secretly collecting the browsing history of over 11 million people. All of the apps belonged to Big Star Labs based out of Delaware. However, nobody can figure out who is behind the company or who they share the data with.

“The apps and extensions we discovered doing this belong to a newly registered Delaware company named 'Big Star Labs,' so it is difficult to track them down to the real beneficiaries,” said Andrey Meshkov with AdGuard Research. “This also makes it almost impossible to track whom they share your data with.”

Big Star Labs appears to be using primarily nine products for its spying (number of installs in brackets).

  • Block Site for Android, Chrome, and Firefox [1.7 million+]
  • AdblockPrime for iOS [unknown]
  • Mobile Health Club for Android [unknown]
  • Poper Blocker for Chrome and Firefox [2.3 million+]
  • CrxMouse for Chrome [410,000+]
  • Speed BOOSTER for Android [5 million+]
  • Battery Saver for Android [1 million+]
  • AppLock | Privacy Protector for Android [500,000+]
  • Clean Droid for Android [500,000+]

The privacy policies of all the apps claim that they only collected “non-personal” or “anonymized” data. However, as the apps are collecting your browsing data, your true identity can be exposed or ascertained. For example, unless you use a pseudonym, every time you visit your Facebook or Twitter profile your real name is revealed to anyone looking at your browsing history.

However, it is not just your name that can be discovered in your browsing history. Snoops can see where you shop, what products interest you, how much you spend, what bank you use, and the list goes on. It becomes very easy for companies to develop a complete profile of someone just from their browsing history. There was even a study conducted by Stanford showing that analysts can de-anonymize web browsing data by comparing it against social media profiles.


“The real problem is not just that this one company learns who you are,” says Meshkov. “The data which is collected about you then can be shared, sold, and combined with data from other sources. In the end, the final product is your complete profile.”

Plus, during its investigation, AdGuard discovered that in many instances so-called “anonymous” data was not so anonymous. After decoding and analyzing the raw information sent to affiliated servers, the researchers found several identifying factors within the requests.

Meshkov points out that every batch of data sent out is marked with the user's own unique identifier that was generated upon installation of the app or extension. This in and of itself is not personally identifying, but when combined with the rest of the information sent, it is easy to discover the identity of the user.

“Also, as you can see, the data sample contains some Twitter URLs I visited, which can be used to easily identify me,” said Meshkov pointing to a sample of collected data (image below).

2018-07-27-image.png

As for sharing this data, Big Star Labs will share it with whomever they want. In its privacy policy, it uses a form of doublespeak that Meshkov says is common with companies using spyware. For example, the privacy statement will begin by saying it does not share your data, but in subsequent paragraphs will contradict that statement as an exception.

Furthermore, it never discloses whom it is sharing the data with, always using terms like “third-party service providers,” “parent company,” “subsidiaries,” “joint ventures,” and “affiliated companies.” Meshkov says that Big Star Labs has gone to great lengths to hide its identity and those of its partners.

“Big Star Labs is pretty good at hiding their affiliated apps and websites. Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized. It made me use some serious Google-fu to find a bunch of Android apps which belong to the same "Big Star Labs" company: Speed BOOSTER, Battery Saver, AppLock | Privacy Protector, Clean Droid, Block Site.”

Indeed, a Google search of “Big Star Labs” only turns up articles that have been recently written exposing the shady company — official website, company profile, or any other information cannot be found.

As of this morning, all of the apps and extensions have been removed from Google Play and the Chrome WebStore. If you already have one or more of the apps, you might want to uninstall them. As always, be careful when picking your software. Read the privacy policy and terms of service agreements, and never install anything unless you trust the developer.

 

source


Damn, and I had Poper Blocker for Chrome, so I've taken it off and noticed it's not in the Chrome extension store. Funny though, Google doesn't warn you of it being malicious even though it's already installed in your browser.



I know it may be a pain, but everyone should remove these spying apps and start clearing their cache, history and cookies after every web session.



  • 4 weeks later...

I noticed Pop up Blocker is back on the Webstore.

Their privacy policy: https://poperblocker.com/privacy/ (dated 9 August 2018)

By using the product you can opt out, right?

Yeah, if you don't want it to function, by unchecking "Enable Overlay Blocking" (Blxxdy pointless, ay.)



On 7/28/2018 at 2:41 PM, flash48 said:

I know it may be a pain, but everyone should remove these spying apps and start clearing their cache, history and cookies after every web session.

If you use an IP sniffer you can see what an extension does, whether it calls home or not. All adblockers have to call to update their filter lists if you use lists, but no popup blocker ever has a reason to call home, just like that Popup Blocker Ultimate. I exposed it on here long ago for calling home; still Firefox doesn't remove it from AMO. Popup Blocker (strict) is a clean one, but I stopped using any popup blocker; I just add rules to my ad blocker to block them now. My browser is set up so that when I close it and open it back up, it deletes all untrusted cookies for sites I don't trust; for sites I trust, I preserve the cookies. Not all cookies are bad.

 

If you are this paranoid you'd better remove the browsers themselves, because they have crap built into them that spies on you, really.

 

The Tiles on Mozilla Firefox's "New Tab" page record the time, IP Address, and useragent of anyone that clicks on them to the Infernyx server. LPT: Just because something is opensource does not mean it is privacy friendly.

https://github.com/mozilla/infernyx

https://old.reddit.com/r/privacy/comments/996geh/the_tiles_on_mozilla_firefoxs_new_tab_page_record/

 

I replaced the new tab page with FVD Speed Dial, an addon I've been using for years; it's much more advanced for adding websites than Mozilla's spyware. Windows 10 Firewall Control blocks a lot of Firefox telemetry out of the box. :P
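Added example (not part of the thread and not AdGuard's tooling): a Python check for the pattern the opening post describes and that a traffic sniffer, as suggested in the post above, would let you look for, namely one install identifier repeatedly sent to the same host together with URLs of pages visited on several sites. The capture lines, host names, identifier values and thresholds are constructed assumptions, and bodies are assumed to be already decoded apart from percent-encoding.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Identifier-like tokens: UUIDs or long hex strings (assumed ID formats).
ID_RE = re.compile(
    r"\b(?:[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}|[0-9a-f]{24,})\b", re.I)
URL_RE = re.compile(r"https?://[^\s&\"']+")

def find_history_beacons(capture, min_requests=3, min_sites=3):
    """Map each suspicious destination to {identifier: sorted sites it was tied to}.

    A destination is suspicious when one identifier arrives in at least
    min_requests requests that also carry page URLs from min_sites other sites.
    """
    seen = defaultdict(lambda: defaultdict(lambda: {"n": 0, "sites": set()}))
    for dest, raw_body in capture:
        body = unquote(raw_body)  # undo percent-encoding; other encodings need decoding first
        sites = {urlsplit(u).hostname for u in URL_RE.findall(body)} - {dest, None}
        if not sites:
            continue  # no visited-page URL in this request (e.g. a filter-list update)
        for ident in set(ID_RE.findall(body)):
            rec = seen[dest][ident.lower()]
            rec["n"] += 1
            rec["sites"] |= sites
    findings = {}
    for dest, ids in seen.items():
        hits = {i: sorted(r["sites"]) for i, r in ids.items()
                if r["n"] >= min_requests and len(r["sites"]) >= min_sites}
        if hits:
            findings[dest] = hits
    return findings

# Constructed capture: (destination host, request body). Hosts and IDs are made up.
UID = "3f2b8c1e-9d4a-4e7b-a1c2-5d6e7f809a1b"
CAPTURE = [
    ("stats.collector.example", f"uid={UID}&u=https%3A%2F%2Ftwitter.com%2Fexample_user"),
    ("stats.collector.example", f"uid={UID}&u=https%3A%2F%2Fbank.example%2Flogin"),
    ("stats.collector.example", f"uid={UID}&u=https%3A%2F%2Fshop.example%2Fcart%3Fitem%3D7"),
    ("lists.adblock.example", "GET /filters.txt?v=20180727"),
    ("api.shop.example",
     "session=9f8e7d6c5b4a39281706f5e4d3c2b1a0&page=https%3A%2F%2Fshop.example%2Fcart"),
]

if __name__ == "__main__":
    for host, ids in find_history_beacons(CAPTURE).items():
        for ident, sites in ids.items():
            print(f"{host}: id {ident} linked to {', '.join(sites)}")
```

The filter-list fetch and the single first-party session request are not flagged; only the host that ties one identifier to pages on three different sites is.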



19 minutes ago, steven36 said:

 

The Tiles on Mozilla Firefox's "New Tab" page record the time, IP Address, and useragent of anyone that clicks on them to the Infernyx server. LPT: Just because something is opensource does not mean it is privacy friendly.

 

Thanks for the advice, Steven. I added the following entry to my host file; this should prevent Firefox from phoning home.

 

0.0.0.0 tiles.services.mozilla.com

 



26 minutes ago, flash48 said:

 

Thanks for the advice, Steven. I added the following entry to my host file; this should prevent Firefox from phoning home.

 

0.0.0.0 tiles.services.mozilla.com

 

You can also just disable it all by unchecking all the boxes

about:preferences#home

And add your favorite search engine for a home page



Archived

This topic is now archived and is closed to further replies.
