You will be forgiven for thinking that if you have downloaded Google Chrome Extension from the official chrome web store, it is likely to be above the board. Not so, according to the founder of the Browser Extension Security Platform Secure Inks, who claims that it has identified 35 chrome extension with an installment of 4 million total, resulting in ‘any spyware or infoastiler’.
There are many things in common with the accused’s expansion. They use many samples of the same code, many are connected to the same servers, and the same system requires permission (through ARS Technica) However, the founder of the cyber -scoring firm Secure Inks, John Tekron, Also found that they use the Obafskot code It is designed to hide their behavior.
“These expanses have some strong relationships and mostly claim that some of the purpose is to perform some purpose, such as blocking ads, protection from expansion, better search results, or privacy protection that keeps them available in the web store.”
“Although all are different, the code of their contenders is often very rare or completely missing.”
In a special example, the fire shield extension protection, running it on the lab device, resulted in an empty web page, while clicking on the menu of options did nothing. Chrome developer Tolls revealed that the extension linked to the URL and performed a common “browser_than_clined” reaction, but nothing more.
Using a unique extension ID found on the Gut Hub, the technician was able to observe the Fire Shield, which, in sending a variety of events to the web server, tracked out which websites he was visiting, which he had previously visited, and his display size.
“Although I could not find an example of (Fire Shield) extension credentials, but only at this level of the level. At this level, the ability to control the extension sequence from remote, and the capabilities of the browser extension are sufficient for me that all these extensions include some types of spyware or infestillors.”
Technir says it identified a 35 extension with “similar names” and separate similarities. Of these, 34 refer to a mysterious “Angeli.com” in his background service list.
Except for the identified extension are all non -lists, which means that you have to click a link directly to go to its Chrome Store Page. Nevertheless, Google gives “10 of the accused’s Extension” seeds to “significant” seeds.
“When some of these extensions are selected by Google to be ‘prominent’ when they are not looking for ordinary users?
“It blows my brain. Any ordinary user can translate this status as it is confirmed and well -known. It should not be ‘prominent’ at the same time, nor can it be discovered at the same time.”
Really you can find A full list of extensions identified by Tucker As the ARS Technica article is potentially malicious at the bottom of the article. Many of them have names like Posneto Shield, Privacy Guard, and Total Safety, so if you are using Chrome Extension to save your online presence, see it. Well, you have some serious cleaning.
