Warning: Awesome Screenshot users should remove it from Chrome immediately [Malware]

Spread the word: if you’ve got the Awesome Screenshot Chrome extension installed on your computer, you should remove it immediately. I absolutely loved the extension and used it dozens of times per day, but recent reports claim it could contain malicious code that accesses sensitive data from your web browsing history.


Before we throw the creators of Awesome Screenshot under the bus, let’s be clear: we’re not suggesting they are purposefully doing something malicious. More likely they’ve packaged their extension with third-party code that allows them to earn money by anonymously gathering/selling users’ browser history, not much different from allowing cookies on your computer. But it seems the code executed by Awesome Screenshot (or their ad partners) is taking some liberties that we wouldn’t suggest you tolerate.

Details of the naughty code aren’t blatantly obvious, but rather were uncovered after several Awesome Screenshot users noticed private URLs from their servers being accessed by a crawler called “niki-bot”. Connecting the dots led down the following (summarized) path:

  • “niki-bot” detected as a crawler with unusual activity
  • Crawler ignores robots.txt and crawls everything, including password-protected URLs
  • Other users found similar issues, tracing it back to Awesome Screenshot
  • Since the extension collected private URLs and could potentially access the user’s cookies, a malicious party could log in as the user to password-protected accounts
  • One company was able to connect niki-bot to similarwebie.exe, likely run by a company called “Similar Web” that is known to track and sell third-party data
  • This collected information is being stored and sent over plaintext HTTP, which poses a security threat in itself
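
A defender-side check for the pattern in the list above, as an added example that is not part of the original article: it scans a web server access log for requests whose user agent contains "niki-bot" and flags those that hit paths disallowed by robots.txt or repeat a URL another client requested earlier. Only the crawler name comes from the article; the log lines, robots.txt, IP addresses, token and exact user-agent string are constructed, and the combined log format is an assumption.

```python
import re
from urllib.robotparser import RobotFileParser

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample data (not taken from any real server).
ROBOTS_TXT = """User-agent: *
Disallow: /admin/
Disallow: /private/
"""
SAMPLE_LOG = """\
198.51.100.7 - alice [24/Aug/2014:10:00:01 +0000] "GET /private/report?token=abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/36.0"
203.0.113.9 - - [24/Aug/2014:10:04:37 +0000] "GET /private/report?token=abc123 HTTP/1.1" 401 312 "-" "niki-bot"
203.0.113.9 - - [24/Aug/2014:10:04:39 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "niki-bot"
192.0.2.44 - - [24/Aug/2014:10:05:00 +0000] "GET /admin/ HTTP/1.1" 403 0 "-" "Googlebot/2.1"
"""

def find_crawler_hits(log_text, robots_txt, ua_marker="niki-bot"):
    """Return one finding per request whose user agent contains ua_marker."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())  # parse offline, no network fetch
    seen_by_others = set()                 # URLs requested earlier by other clients
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # skip lines in another format
        path, ua = m["path"], m["ua"]
        if ua_marker.lower() not in ua.lower():
            seen_by_others.add(path)
            continue
        findings.append({
            "ip": m["ip"], "time": m["ts"], "path": path,
            "status": int(m["status"]),
            # True when robots.txt forbids this path for the crawler
            "ignores_robots": not robots.can_fetch(ua, path),
            # True when the crawler repeats a URL another client already used
            "replays_user_url": path in seen_by_others,
        })
    return findings

if __name__ == "__main__":
    for hit in find_crawler_hits(SAMPLE_LOG, ROBOTS_TXT):
        print(hit)
```

A finding with both flags set on a URL that carries a token or sits behind a login is the case worth investigating first, since that URL was not discoverable by following public links.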

Exactly what information is being shared with whom is unknown, but there’s enough evidence that we suggest you be (at the very least) suspicious and uneasy. Let’s not forget that this isn’t only about unauthorized access to password-protected sites: sites like YouTube, GitHub, and Google Docs allow you to create “private links” that aren’t intended for anyone’s eyes except those with whom you share the link. These are being tracked and recorded, too.

The folks at Awesome Screenshot have seen similar complaints about adware that injects ads. While they’ve addressed these concerns directly on Twitter – showing they’re not hiding from customers – it seems the issues have yet to be resolved.


We’d like to give the folks at Awesome Screenshot the benefit of the doubt because they’ve made an awesome product that millions of people enjoy. However, our benefit of the doubt extends only to our presumption of their intent; we still cannot recommend using the extension so long as it’s still accessing this sensitive info.

We’ll let you know when we feel Awesome Screenshot is safe to use again.

Please pass this info on to any Chrome users who might also use Awesome Screenshot by sharing this article.
