I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
Realistically most extensions open many links in the background. Even a simple adblocker will “open links” or URLs in the background to perform updates of lists etc.
The difference here is the malware was installed by the user after accepting a user agreement that probably covers network use…
Also they hijack the affiliation when the users interact with the extension and not with the website where the link for the product is.
I doubt honestly this will be a good angle to attack Honey.
IMO the fact that users are told that the best coupon will be used even though it’s demonstrably not true is a much more provable issue.
Especially since the extension opens a tab for an instant makes me think they didn’t really try to be super super sneaky.
I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
https://youtu.be/vc4yL3YTwWk?t=281
Realistically most extensions open many links in the background. Even a simple adblocker will “open links” or URLs in the background to perform updates of lists etc.
The difference here is the malware was installed by the user after accepting a user agreement that probably covers network use…
Also they hijack the affiliation when the users interact with the extension and not with the website where the link for the product is.
I doubt honestly this will be a good angle to attack Honey.
IMO the fact that users are told that the best coupon will be used even though it’s demonstrably not true is a much more provable issue.
Especially since the extension opens a tab for an instant makes me think they didn’t really try to be super super sneaky.