Nearly a million browsers affected by more malicious browser extensions – here’s what we know


- Researchers find 245 extensions installed on nearly a million devices
- The extensions could turn devices into web scraping bots for a commercial service
- Researchers warned about major security implications

A new investigation has revealed that 245 browser extensions, installed on almost a million devices, have been leading a double life: besides the operations they were designed for, they were also silently disabling key security protections in the browser to enable paid web scraping operations.
This is according to security researcher John Tuckner from Security Annex, who found numerous extensions doing different things, from managing bookmarks to boosting speaker volume. All of them embed a JavaScript library called MellowTel-js, which connects to an external AWS server and collects data about the user’s location, bandwidth, and browser status.
The library also injects hidden iframes into the web pages users are visiting, and then loads other websites chosen by MellowTel’s infrastructure. Furthermore, it strips web security headers, bypasses bot detection, and ultimately shares the user’s bandwidth for profit.
Leveraging unused bandwidth
The JavaScript is tied to a company named Olostep, which promotes itself as a high-performance web scraping API that bypasses bot detection and can send out up to 100,000 parallel requests.
When paying clients submit a target website, Olostep uses the devices running affected extensions to scrape the site, effectively turning the browsers into distributed scraping bots without the end users’ knowledge or consent.
According to Ars Technica, MellowTel’s founder said the library was designed to share user bandwidth without stuffing affiliate links, unrelated ads, or collecting personal data.
“The primary reason why companies are paying for the traffic is to access publicly available data from websites in a reliable and cost-effective way,” he was cited as saying, adding that extension developers receive 55% of the revenue, while the rest went to MellowTel.
Despite claims of a privacy-friendly way to monetize unused bandwidth, critics argue it exposes users to serious privacy and security risks, especially in enterprise environments. In its writeup, CyberInsider says the scale and architecture of the system make it “ripe for abuse” by threat actors.
“The use of real browser sessions, potentially behind corporate VPNs or inside private networks, introduces profound risks. These include the potential for unauthorized internal resource access, impersonation of legitimate traffic, and degradation of browser security due to the removal of enforced headers.”
Some extensions have been removed or deactivated after being flagged for malware, while others cleaned up the controversial code in recent updates. Many remain active, and users are advised to review the full list of extensions found here.
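For teams reviewing installed extensions for the header stripping described above, the following is an added example (not code from the article, Security Annex, or MellowTel) that scans an extension's network rules for ones that remove or overwrite security response headers. It assumes the extension uses Chrome's `declarativeNetRequest` `modifyHeaders` rules, which the article does not confirm; the header list, function name and sample rules are constructed for illustration.

```javascript
// Added example: flag declarativeNetRequest rules that remove or overwrite
// security response headers. Assumption: the extension uses Chrome's
// "modifyHeaders" rule action; the article does not name the mechanism.

// Headers to watch: an assumed list chosen for this example, not from the article.
const SECURITY_HEADERS = new Set([
  'content-security-policy', 'x-frame-options', 'x-content-type-options',
  'strict-transport-security', 'cross-origin-opener-policy',
  'cross-origin-embedder-policy', 'cross-origin-resource-policy',
]);

function findHeaderStrippingRules(rules) {
  const findings = [];
  for (const rule of Array.isArray(rules) ? rules : []) {
    const action = rule && rule.action;
    if (!action || action.type !== 'modifyHeaders') continue;
    const cond = rule.condition || {};
    // With no resourceTypes given, a rule matches every type except main_frame.
    const types = cond.resourceTypes;
    const excluded = cond.excludedResourceTypes || [];
    const affectsFrames = types ? types.includes('sub_frame') : !excluded.includes('sub_frame');
    // No URL or domain restriction means the rule applies to any site.
    const broadScope = cond.urlFilter === '*' ||
      (!cond.urlFilter && !cond.regexFilter && !cond.requestDomains);
    for (const mod of action.responseHeaders || []) {
      const header = String(mod.header || '').toLowerCase();
      if (!SECURITY_HEADERS.has(header)) continue;
      if (mod.operation !== 'remove' && mod.operation !== 'set') continue;
      findings.push({ ruleId: rule.id, header, operation: mod.operation, affectsFrames, broadScope });
    }
  }
  return findings;
}

// Constructed sample rule set (not taken from any real extension).
const SAMPLE_RULES = [
  { id: 1, priority: 1,
    action: { type: 'modifyHeaders', responseHeaders: [
      { header: 'Content-Security-Policy', operation: 'remove' },
      { header: 'X-Frame-Options', operation: 'remove' }] },
    condition: { urlFilter: '*', resourceTypes: ['sub_frame', 'xmlhttprequest'] } },
  { id: 2, priority: 1,
    action: { type: 'modifyHeaders', responseHeaders: [
      { header: 'cache-control', operation: 'set', value: 'no-store' }] },
    condition: { requestDomains: ['example.com'] } },
  { id: 3, priority: 1, action: { type: 'block' },
    condition: { urlFilter: '||ads.example.net^' } },
];

console.log(findHeaderStrippingRules(SAMPLE_RULES));
```

Static rule files are listed under `declarative_net_request.rule_resources` in an extension's `manifest.json`. Rules registered at runtime do not appear there, so an extension that holds the `declarativeNetRequest` permission but ships no static rule files still needs its code reviewed.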