Warning: Awesome Screenshot users should remove it from Chrome immediately [Malware]

Spread the word: if you’ve got the Awesome Screenshot Chrome extension installed on your computer, you should remove it immediately. I absolutely loved the extension and used it dozens of times per day, but recent reports claim it could contain malicious code that accesses sensitive data from your web browsing history.


Before we throw the creators of Awesome Screenshot under the bus, let’s be clear: we’re not suggesting they are purposefully doing something malicious. More likely they’ve packaged their extension with third-party code that allows them to earn money by anonymously gathering and selling users’ browser history, not much different than allowing cookies on your computer. But it seems the code executed by Awesome Screenshot (or their ad partners) is taking some liberties that we wouldn’t suggest you tolerate.

Details of the naughty code aren’t blatantly obvious; they were uncovered after several Awesome Screenshot users noticed private URLs from their servers being accessed by a crawler called “niki-bot”. Connecting the dots led down the following (summarized) path:

  • “niki-bot” detected as a crawler with unusual activity
  • Crawler ignores robots.txt and crawls everything, including password-protected URLs
  • Other users found similar issues, tracing it back to Awesome Screenshot
  • Since Awesome Screenshot collected private URLs and could potentially access the user’s cookies, a malicious party could log in as the user to password-protected accounts
  • One company was able to connect niki-bot to similarwebie.exe, likely run by a company called “Similar Web” that is known to track and sell third-party data
  • This collected information is being stored and sent over plaintext HTTP, which poses a security threat in itself
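Site owners can look for the same pattern in their own access logs. The following is an added example, not code from the original reports: it flags crawler requests to paths that robots.txt disallows and pairs each with the earlier browser visit that could have exposed the URL. The log lines, robots.txt, IP addresses and paths are constructed, and matching the crawler by the substring "niki-bot" in the User-Agent header is an assumption.

```python
import re
from datetime import datetime
from urllib.robotparser import RobotFileParser

# Constructed sample data: a robots.txt and combined-format access log lines.
ROBOTS_TXT = """User-agent: *
Disallow: /private/
"""
SAMPLE_LOG = """\
198.51.100.7 - alice [24/Aug/2014:10:00:01 +0000] "GET /private/report-7f3a HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/36.0"
192.0.2.44 - - [24/Aug/2014:10:42:17 +0000] "GET /private/report-7f3a HTTP/1.1" 401 312 "-" "niki-bot"
192.0.2.44 - - [24/Aug/2014:10:43:02 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "niki-bot"
192.0.2.45 - - [24/Aug/2014:11:05:00 +0000] "GET /private/never-visited HTTP/1.1" 401 312 "-" "niki-bot"
"""
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_leaked_url_crawls(log_text, robots_txt, bot_marker="niki-bot"):
    """Return crawler hits on robots.txt-disallowed paths, each paired with the
    earlier non-crawler visit (if any) that could have exposed the URL."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    first_human_visit = {}  # path -> (timestamp, client ip)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path, ua = m["path"], m["ua"]
        if bot_marker not in ua.lower():
            first_human_visit.setdefault(path, (ts, m["ip"]))
            continue
        if robots.can_fetch(ua, path):
            continue  # crawler stayed within robots.txt; not the pattern we want
        seen = first_human_visit.get(path)
        findings.append({
            "path": path, "bot_ip": m["ip"], "status": int(m["status"]),
            "leaked_by": seen[1] if seen else None,
            "lag_seconds": int((ts - seen[0]).total_seconds()) if seen else None,
        })
    return findings

if __name__ == "__main__":
    for finding in find_leaked_url_crawls(SAMPLE_LOG, ROBOTS_TXT):
        print(finding)
```

A finding with a non-empty `leaked_by` points at the client whose browser most likely reported the URL; a 200 status on the crawler's request means the private content was actually served to it.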

Exactly what information is being shared with whom is unknown, but there’s enough evidence that we suggest you be (at the very least) suspicious and uneasy. Let’s not forget that this isn’t only about unauthorized access to password-protected sites: sites like YouTube, GitHub, and Google Docs allow you to create “private links” that aren’t intended for anyone’s eyes except those with whom you share the link. These are being tracked and recorded, too.

The folks at Awesome Screenshot have seen similar complaints about adware that injects ads. While they’ve addressed these concerns directly on Twitter – showing they’re not hiding from customers – it seems the issues have yet to be resolved.


We’d like to give the folks at Awesome Screenshot the benefit of the doubt because they’ve made an awesome product that millions of people enjoy. However, our benefit of the doubt extends only to our presumption of their intent; we still cannot recommend using the extension so long as it’s still accessing this sensitive info.

We’ll let you know when we feel Awesome Screenshot is safe to use again.

Please pass this info on to any Chrome users who might also use Awesome Screenshot by sharing this article.




  • Fy900

    The Awesome Screenshot Chrome extension is perhaps only one of its kind to let the current window scroll while Capturing Selected Area (TL;DR: scrolling window capture feature). What a disappointment that a scrolling window capture feature should be a must-have in every desktop screenshot-capturing program/app/add-on (including Chrome).

    Awesome Screenshot’s official Twitter account hasn’t been updated since August 1.

  • mig5

    Hello,

    I wrote the original article about this at mig5.net. Just letting you know that the latest version (as at 25th August) of Awesome Screenshot, v 3.7.12, now contains a hidden ‘Opt Out’ setting in the extension’s preferences page. However, it is *enabled* by default, so no behaviour changes out-of-the-box. Users need to manually opt-out after install or upgrade.

    Read more here: https://mig5.net/content/awesome-screenshot-update-3712-offers-opt-out-spyware-option

  • Tara

    Searching for a better extension to replace this terrible photo viewer on my Chromebook. Don’t want one online. Can you suggest? And thanks for the data re Awesome Screenshot ….posted to my friends on FB.

  • Kelly Rush

    Check out Snagit for Google Chrome, scrolling capture was just added a few weeks ago.

  • Phaz0n

    Thanks for the heads up Rob!! I fortunately never used Awesome Screenshot.

  • Pablo Proline

    Also check out nimbus, better than this garbage anyway.

  • Seth

    Have you been able to evaluate the current (2016) release of Awesome Screenshot extension? It’s still flagged in MalwareBytes as containing adware but neither Chrome nor Safari show any option to uncheck the options for the search tool in the current extension, so maybe it’s been removed by the developer?