ADGUARD: Big Star Labs develop multiple apps and browser extensions for stealing private information

Advertising blockade software developer ADGUARD recently released a report saying that advertising companies have developed a variety of applications and extensions for stealing private information.

These apps and browser extensions are available to the Google App Store and the Google Chrome Store as well as the Firefox browser extension store.

According to conservative estimates by ADGUARD, at least 11 million users have been stolen from private information, and the advertising company uses a variety of methods to circumvent detection and tracing.

Disguised as an ad blocking software or system tool to induce user downloads:

To attract users to download these malicious programs, their developers have faked their names into ad-masking software or system optimisation tools to influence users.

For example, BlockSite, which appears in both the Google App Store, the Google Chrome Online Store, and the Firefox Store, is an ad blocking extension.

In the Google App Store, there are power optimisation, application locks, system cleanups, etc. for Android, all pretending to be optimisation tools to induce users.

Ads such as ad-masks and mouse gestures that appear in both Google Chrome and Firefox browsers are also legitimate extension-inducing users.

On the surface, the tool reads a variety of information:

The purpose of these applications or extensions is actually to get information, such as the user’s web browsing history or which applications are installed.

Moreover, all of these programs on the download page indicate that the user’s private information will not be collected, but as soon as the installation is installed, the collection will be started and uploaded to the server for storage.

Eventually, this information will be collated and labelled with different preferences and habits of different users, and then sold to other advertising agencies to push more accurate ads.

Use a variety of means to evade tracing:

ADGUARD tracking found that these applications were released using some different developer accounts to prevent other spyware from being affected by the offending label.

ADGUARD said that they took a long time to find out all the procedures of the advertising company, and Google and Firefox have now removed them from the shelves.

Also, the company named BIG STAR LABS tried to hide in the whole network. A picture instead of text replaced any place with a company name.

In this way, the search engine can not find the corresponding webpage when searching, and it is not clear whether the user’s data has been packaged and sold by the company.

Malicious programs are as follows: Block Site, Speed BOOSTER, Battery Saver, AppLock, Clean Droid, CrxMouse, etc.