A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address. ScrapeSentry credits its researchers with uncovering "a sinister side-effect to a free app [...] which potentially leaks [users'] personal information back to a single IP address in the USA".
Martin Zetterlund, one of ScrapeSentry's founders, told The Register that the extension's malicious functions would have been difficult to recognise through an automated auditing service because the sneaky developer had ensured this functionality is not downloaded until seven days after being installed..

The link for this article located at The Register UK is no longer available.