Browser extensions turn nearly 1 million browsers into website-scraping bots

A recent investigation has revealed that browser extensions installed on nearly 1 million devices are bypassing essential security measures to transform these browsers into tools for scraping websites on behalf of paying clients. According to researcher John Tuckner from SecurityAnnex, 245 such extensions, compatible with Chrome, Firefox, and Edge, have collectively amassed close to 909 million downloads. These extensions serve various functions, from managing bookmarks to enhancing audio output and generating random numbers. However, they share one critical feature: the integration of MellowTel-js, an open-source JavaScript library designed for developers to monetize their extensions. Tuckner and other experts have raised concerns that this monetization strategy involves using the extensions to scrape data from websites for advertisers who are the clients. Tuckner's findings point to a significant connection between MellowTel and Olostep, a company promoting itself as a leading provider of web scraping APIs. Olostep's claims suggest their services can evade bot detection and handle up to 100,000 requests within minutes. Clients provide specific browser locations to access targeted web pages, and Olostep leverages the network of users with the extensions to execute these requests. After scrutinizing the MellowTel code, Tuckner noted, "This operation mirrors the scraping commands we observed while analyzing the library in use. We suspect that scraping requests from Olostep are distributed across any active extensions utilizing the MellowTel framework." In response, MellowTel's founder stated that the library aims to facilitate bandwidth sharing without intrusive ads or the collection of personal data. He emphasized that companies are paying for this traffic primarily to access publicly available website data in a trustworthy and economical manner. The revenue model allows extension developers to earn 55 percent of the income generated, with MellowTel retaining the remainder.