Security researchers from Secure Annex recently highlighted a growing trend in the monetization of browser extensions. They identified a method where a distributed network is utilized for scraping, indexing the contents of websites. In this scheme, user systems act as Web-boots and proxies for downloading site content. The browser extension installed on these systems receives instructions from an external server to index sites, updates the requested content in a hidden iframe, and then sends the data to the external service. A total of 245 extensions employing this monetization strategy were found in Chrome, Firefox, and Edge catalogs, with a cumulative installation count of 909,000.
This operation is facilitated through the activation of the mellowtel.js JavaScript library, available on GitHub. The library is associated with the mellowtel project, which advocates for a new monetization platform. This platform is not limited to browser extensions, but can also be integrated with programs built on frameworks such as Flutter and Electron. Its core concept revolves around developers earning revenue by completing tasks related to indexing web content to train AI systems, as opposed to resorting to invasive methods like selling user data.
The demand for data by AI companies to train models has resulted in a surge of bots indexing sites without abiding by set restrictions or following Robots.txt indexing guidelines. These bots place excessive strain on servers, disrupt system performance, and demand the attention of administrators. Consequently, measures are being taken to counteract this issue, with entities like the CloudFlare content delivery network recently implementing measures to block such bots by default.