Experts call on Google and Microsoft to remove trusted ModHeader with 1.6 million installations after discovering it can harvest all kinds of data


  • Stripe OLT discovered that ModHeader v7.0.18 contained a hidden spyware SDK, exfiltrating visited domains to a Chinese server on a daily basis and acting as adware.
  • The extension saw 1.6 million downloads on Chrome and Edge before being removed, but installed endpoints remain at risk.
  • Researchers urge defenders to identify and remove existing installations because removing stores does not automatically fix compromised devices.

ModHeader, a trusted Chrome and Edge browser extension with over 1.6 million downloads, was found to be malicious, apparently sending sensitive data to a Chinese-owned server, and has since been pulled from both repositories.

Security researchers Stripe OLT revealed the news in a new report, describing how a ModHeader v7.0.18 build contained a hidden spyware SDK.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top