Recent Snoopware Hits Over 11 Million Firefox, Android and iOS Users

In the ever more difficult fight to keep our private lives private, millions of internet users have to contend with a sudden loss of privacy through the covert installation of snoopware on their devices. If you’ve used an app or browser extension offered by Big Star Labs in the past year or so you could very well have been infected.

Anonymous data isn’t always private

News of this particular leak was released as of Tuesday and has just begun to gain traction, as reported by AdGuard, a producer of ad-blocking and internet privacy tools. The blog post details how a recent rash of apps purported to guard your online identity have actually been put to use in the mass farming of user data by a corporation operating under the name of Big Star Labs, a newly founded company in the United States that has little to no business history that can be easily tracked to its founding corporation.

The applications offered by Big Star Labs often scrape the entirety of a user’s browser history and send it to a remote server to then be forward to whoever happens to be collecting that data. In and of itself, this is only a step or two beyond how most tracking software creates a database of internet traffic, but Big Star Labs’ programs take this a step further by sending user data connected to a unique identifier that is believed to be generated when a new user installs an extension on one of their devices.

Currently, known programs and apps offered by Big Star Labs that may be affected are as follows:

• AppLock | Privacy Protector
• AdBlockPrime
• Battery Saver
• BlockSite
• Clean Droid
• CrxMouse
• Poper Blocker
• Speed BOOSTER

Between these programs, around 11 million users or devices are believed to have been infected. Each program contains a privacy policy that generally outlines how a user’s data will be collected, yet the reasons given are described by AdGuard’s co-founder, Andrey Meshkov, as “weak at best” with most privacy policies offered in the form of an image rather than text. In image form these policies aren’t so easily archived by text-scraping web trackers, thus making them easier to falsify or remove in the future. An example of these privacy policies can be found here.

Snoopware may not be as immediately obvious or malicious as overt malware, but the damage it can cause isn’t always as minor as browser data. Long-standing snoopware SkyGoFree can remotely take control of an infected device, though the end goal of the infection seems to be the mass harvesting of user data including phone call logs, SMS messages and even photo data.

None of the offending apps seem to be currently offered in Google Play or the Chrome Web Store, though Meshkov noted the Block Site Android app may have been available to users as late as a day after his article went live. Some of these apps may have been offered directly through websites as was the case with AdBlockPrime on iOS devices, which offered itself to website visitors using Safari, but does not seem to have been available on the iOS store.

As always, double check what applications you have installed on your phone regularly and ensure what you download is actually living up to its promises. Considering how these apps seem to have been purchased well after their development dates, a regular purge of outdated apps may be vital in data security moving forward.