Experts get Google and Microsoft to remove trusted ModHeader with 1.6 million installations after discovering it could collect all kinds of data.



  • Stripe OLT discovered that ModHeader v7.0.18 carried a hidden spyware SDK, which leaked daily visited domains to a Chinese-owned server and acted as adware.
  • The extension had 1.6 million downloads on Chrome and Edge before being removed, but installed endpoints remain at risk
  • Researchers urge defenders to identify and remove existing installations, as removing stores does not automatically fix compromised devices.

ModHeader, a trusted Chrome and Edge browser extension with over 1.6 million downloads, was found to be malicious and apparently sending sensitive data to a Chinese-owned server, and has since been removed from both repositories.

Security researchers Stripe OLT revealed the news in a new report, describing how a ModHeader v7.0.18 version carried a hidden spyware SDK.

Leave a Comment

Your email address will not be published. Required fields are marked *