Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com)

Posted by msmash on from the browsers-trend dept.

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.

4 of 80 comments (clear)

  1. They've been using Content Shell from Google... by Anonymous Coward · · Score: 2, Informative

    for years. This is nothing new. Plus, PhantomJS is popular for attacking web sites.

  2. Re:Unclick the checkbox. by Fly+Swatter · · Score: 5, Informative

    What checkbox? I don't see anything on the v59.0.3071.104 settings page that relates to headless. It is not "enable running background apps when google chrome is closed", as that has been available for a long time and is probably unrelated. Headless mode is started via command line option: "--headless". Care to explain where the setting to disable this is ?

  3. Re:What for? by dtandersen · · Score: 4, Informative

    Imagine you're a developer and you want to see if your website works. You open your website in Chrome and run a few tests. As the website grows this starts to take a long time. So you automate the process by having software control the web browser. Headless mode is useful so you can run this automated process on a remote server with no monitor. Every time you check in code this automated test process runs and tests your website.

  4. Re:OK, we know the downside... by dinfinity · · Score: 3, Informative

    More reliable automated testing of web applications.
    https://en.wikipedia.org/wiki/...

    Typically used in combination with Selenium.