Experts prompt Google and Microsoft to pull trusted ModHeader with 1.6 million installs after finding it could harvest all kinds of data


  • Stripe OLT found that ModHeader v7.0.18 carried a hidden spyware SDK that daily exfiltrated visited domains to a Chinese-owned server and acted as adware
  • The extension had 1.6 million downloads across Chrome and Edge before it was pulled, but installed endpoints are still at risk
  • Researchers encourage defenders to identify and remove existing installations, as removal from stores does not automatically remediate compromised devices

ModHeader, a trusted Chrome and Edge browser extension with more than 1.6 million downloads, was found to be malicious, apparently sending sensitive data to a Chinese-owned server, and has since been pulled on both repositories.

Security researchers Stripe OLT revealed the news in a new report detailing how a ModHeader build v7.0.18 carried a hidden spyware SDK.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top