Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics
By Catalin Cimpanu | June 22, 2017
The first to add support for a headless mode was Google, in Chrome 59, released earlier this month. According to this Mozilla bug report, Mozilla will add a similar headless mode in Firefox 56, set for release next month.
…
Regular users won’t notice anything since the addition of headless mode doesn’t change anything in how both Chrome and Firefox look or behave in standard mode.
While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware.
In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user’s knowledge. The adware won’t need to include or download any extra tools and could use locally installed software to perform most of its malicious actions.
In the past, there have been quite a few adware families that used headless browsers to perform clickfraud.
…
Antivirus software makers will need to adapt along with Chrome and Firefox if they want to prevent users’ computers from being hijacked and abused behind their owners’ backs. Security products that come with support for behavioral analysis are most likely in a better position to detect this new types of adware attacks.
Read the full article here
