Users Exposed to Cross-Site Tracking Via The Kaspersky Antivirus


Running a successful marketing campaign in this digital era depends on tracking users across the internet, both to identify them and to learn their interests so that targeted ads can be served to promote companies. In most cases this tracking relies heavily on third-party cookies: a cookie set on a domain other than the one you are browsing at that time, which permits companies including Google and Facebook to fingerprint you and track your every move across multiple sites.

Nevertheless, if you use Kaspersky Antivirus on your desktop or PC, a vulnerability in the security software exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have permitted those sites and other third-party services to track you across the web even if you blocked or erased third-party cookies in time. The vulnerability, identified as CVE-2019-8286 and discovered by an independent security researcher named Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.

By default, the Kaspersky Internet Security solution injects a remotely hosted JavaScript file directly into the HTML code of every web page a user visits, in all web browsers and even in incognito mode, in an attempt to check whether the page belongs to the list of suspicious and phishing web addresses. It is no surprise that not only Kaspersky Antivirus but almost all Internet security solutions work the same way to monitor web pages for malicious content. However, Eikenberg found that the URL of this JavaScript file contains a string that is unique to every Kaspersky user, a sort of Universally Unique Identifier (UUID) that can easily be captured by websites and by third-party advertising and analytics services, putting users' privacy at risk.

Eikenberg also reported his findings to Kaspersky, which acknowledged the issue and patched it just last month by assigning a constant value, FD126C42-EBFA-4E12-B309-BB3FDD723AC1, for all users instead of using the UUID in the JavaScript URL. However, the Kaspersky URL Advisor feature still enables websites and third-party services to find out whether a visitor has Kaspersky software installed on their system, which the researcher believes can be abused indirectly by scammers and cybercriminals. The patched versions of the Kaspersky Antivirus, Total Security, Internet Security, Small Office Security, and Free Antivirus products have already been delivered to affected users.
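To audit your own machine for the behaviour described above, the following check is an added example (not code from the original article, the researcher or Kaspersky). It reads pages saved from one browser, finds UUID-shaped strings in script URLs that appear on every site, and compares them with the patched constant. The host `scanner.example`, the path layout and the sample UUID are constructed assumptions; only the constant comes from the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constant that, per the article, patched versions use for all users.
PATCHED_ID = "FD126C42-EBFA-4E12-B309-BB3FDD723AC1"
UUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)

def script_ids(html):
    """Return {(script_host, UUID)} for script URLs whose path carries a UUID."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    found = set()
    for src in collector.srcs:
        url = urlparse(src)
        for match in UUID_RE.findall(url.path):
            found.add((url.netloc.lower(), match.upper()))
    return found

def audit(pages):
    """pages: {site: saved_html}. An identifier injected on every site is
    visible cross-site; label it as the patched constant or a unique value."""
    per_page = [script_ids(html) for html in pages.values()]
    shared = set.intersection(*per_page) if per_page else set()
    return {ident: ("patched-constant" if ident == PATCHED_ID else "unique-id-exposed")
            for _host, ident in shared}

# Constructed sample input: two unrelated sites saved from the same browser.
# scanner.example, main.js and the first UUID below are made-up placeholders.
def sample(uid):
    inject = f'<script src="https://scanner.example/{uid}/main.js"></script>'
    return {
        "news.example": f"<html><head>{inject}<script src='/app.js'></script></head></html>",
        "shop.example": f"<html><head><script src='https://cdn.example/lib.js'></script>{inject}</head></html>",
    }

if __name__ == "__main__":
    print(audit(sample("11111111-2222-4333-8444-555555555555")))
    print(audit(sample(PATCHED_ID)))
```

Feed it at least two pages from unrelated sites; with a single page, any UUID in a script URL counts as shared.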

Users who want to disable this tracking can do so manually by disabling the URL Advisor feature with the following steps:

Settings → Additional → Network → Un-check the traffic processing box.

Source: The Hacker News
