Threat Watch

Stay informed of cybersecurity news & events

Avast and AVG Anti-Virus Browser Extensions Removed From Mozilla and Opera Stores

Share on facebook
Share on twitter
Share on linkedin

Wladimir Palant, creator of the popular “Adblock Plus” browser extension, is warning against the use of Avast and AVG browsers and browser extensions after extensive research into the data collected by each of them. Wladimir first wrote on the extensions in October, going into great detail about the information being collected and sent back to Avast’s servers. Because Avast bought competitor AVG a few years ago, a nearly identical browser and browser extension were released under the AVG brand as well. After publishing his findings, both Mozilla and Opera have removed the extensions from their respective extension stores until further notice. See the table below for all the information being collected. Avast Online Security and AVG Online Security remain in Google’s Chrome Extension store at this time.

FieldContents
uriThe full address of the page you are on.
titlePage title if available.
refererAddress of the page that you got here from, if any.
windowNumIdentifier of the window and tab that the page loaded into.
tabNum
initiating_user_actionHow exactly you got to the page, e.g. by entering the address directly, using a bookmark or clicking a link.
windowEvent
visitedWhether you visited this page before.
localeYour country code, which seems to be guessed from the browser locale. This will be “US” for US English.
useridA unique user identifier generated by the extension (the one visible twice in the screenshot above, starting with “d916”). For some reason this one wasn’t set for me when Avast Antivirus was installed.
plugin_guidSeems to be another unique user identifier, the one starting with “ceda” in the screenshot above. Also not set for me when Avast Antivirus was installed.
browserTypeType (e.g. Chrome or Firefox) and version number of your browser.
browserVersion
osYour operating system and exact version number (the latter only known to the extension if Avast Antivirus is installed).
osVersion

Wladimir mentions in a second post being given the suggestion to look at a Jumpshot, a company purchased by Avast in 2013. Jumpshot sells collected tracking analytics and praises its data feeds. “Incredibly detailed clickstream data from 100 million global online shoppers and 20 million global app users. Analyze it however you want: track what users searched for, how they interacted with a particular brand or product, and what they bought. Look into any category, country, or domain.”

 

ANALYST NOTES

Always exercise caution when installing browser extensions and applications. The safest approach is to only install the minimum extensions necessary, and only install official versions of extensions from reputable publishers. Unfortunately, in this case, the official extensions were the offenders. In these cases, it may also help to read the privacy policies to know exactly what data is being collected and how it is used before making the decision to use an extension. Because so many critical business services with access to sensitive data are accessed through web browsers, it is important to limit the access of 3rd party companies to that data. Browser extensions can give companies access to a significant amount of information and should be strictly controlled by corporate policy. Source: https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/, https://palant.de/2019/12/03/mozilla-removes-avast-extensions-from-their-add-on-store-what-will-google-do/

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.