• Are Your Browser Add-Ons Really Safe?

    #125010

    Particle for Youtube now functions like adware after being sold to a new developer
    by Linas Kiguolis | July 14, 2017

     
    Users who have Particle For YouTube extension installed on their browsers should consider removing it as soon as possible. The original developer of the extension sold the extension to a new developer, which turns out to be a collector of abandoned Chrome extensions.

    The compromised extension, which was formerly called YouTube+, has been transformed into adware that injects ads on websites the user visits. Besides, the new developer added two new permissions for this extension:

    Read and change data on the websites the user visits;
    Manage user’s apps, extensions, and themes.


    As soon as the extension was sold, the new developer adjusted the extension’s code. The source code of Particle now contains a folder called algoad, which is responsible for injecting ads in popular websites. Users of this extension are forced to receive ads when visiting sites such as Booking.com, eBay, Yahoo, Bing, Google, or YouTube.

    What is interesting is that the extension is now owned by someone whose username is roberthawkingsg. This username is linked to two other Chrome extensions that function very similarly to Particle – Twitch Mini Player and TypeWriter Sounds.

    Update. On July 14th, the Particle For Youtube extension was taken down off the Google Chrome store. It is not surprising, considering how many users expressed complaints about the extension’s new permissions and ads that it served. Therefore, it seems that the case is closed and we won’t see any more activity of this extension anytime soon.

     
    Read the full article here

    2 users thanked author for this post.
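
Added example, not part of the original post or the article it quotes: a permission change like the one described above (new access to all sites plus extension management after a change of owner) shows up when the extension's manifest.json is diffed across an update. The two manifests, the extension name and the script path are constructed for illustration, and the SENSITIVE_APIS review list is an assumption.

```python
import json

# Host patterns that cover every site (shown by Chrome as
# "Read and change all your data on the websites you visit").
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth manual review when an update adds them (assumed list).
# "management" is shown as "Manage your apps, extensions, and themes".
SENSITIVE_APIS = {"management", "webRequest", "cookies", "history", "tabs", "proxy"}


def is_host_pattern(perm):
    return perm == "<all_urls>" or "://" in perm


def granted(manifest):
    """Return (api_permissions, host_patterns) requested by a manifest dict."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        # Skip non-string entries (some manifests use objects here).
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    hosts = {p for p in perms if is_host_pattern(p)}
    # Content scripts grant page access too, even without a host permission.
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return perms - hosts, hosts


def permission_delta(old, new):
    """Report what the new manifest requests that the old one did not."""
    old_apis, old_hosts = granted(old)
    new_apis, new_hosts = granted(new)
    added_apis = new_apis - old_apis
    added_hosts = new_hosts - old_hosts
    return {
        "added_apis": sorted(added_apis),
        "added_hosts": sorted(added_hosts),
        "sensitive_apis": sorted(added_apis & SENSITIVE_APIS),
        "broad_hosts": sorted(added_hosts & BROAD_HOSTS),
        "review": bool(added_apis & SENSITIVE_APIS or added_hosts & BROAD_HOSTS),
    }


# Constructed manifests; not the real extension's files.
OLD = json.loads("""{"name": "Example Video Helper", "version": "1.8.0",
  "permissions": ["storage", "*://*.youtube.com/*"],
  "content_scripts": [{"matches": ["*://*.youtube.com/*"], "js": ["main.js"]}]}""")
NEW = json.loads("""{"name": "Example Video Helper", "version": "1.9.0",
  "permissions": ["storage", "management", "<all_urls>"],
  "content_scripts": [{"matches": ["*://*.youtube.com/*"], "js": ["main.js"]},
                      {"matches": ["<all_urls>"], "js": ["ads/inject.js"]}]}""")

if __name__ == "__main__":
    print(json.dumps(permission_delta(OLD, NEW), indent=2))
```

Running the same comparison on each saved copy of an installed extension's manifest before accepting an update gives a record of when its access widened.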
    • #125039

      I use Firefox as my browser.  Firefox is configured to load two extensions during everyday use.

      However, to enhance security and privacy, whenever I do anything sensitive (e.g., on-line banking, tax return preparation, etc.) I run Firefox in safe-mode so that no extensions are loaded.

    • #129751

      Warning: These 8 Google Chrome extensions have been hijacked by a hacker
      Proofpoint research has found that certain Chrome extensions have been taken over in order to spread malicious ads and steal money from users.

      By Conner Forrest | August 16, 2017

       
      According to recent Proofpoint research, eight extensions for the Google Chrome web browser have been compromised by attackers, sending malicious ads to the affected users. In a report, Proofpoint explained that the authors of these extensions had their credentials stolen, allowing the attacker to take over.

      The attacks occurred primarily in July and August 2017, with the attackers getting the credentials through a phishing scheme, the report said. This means that victims were exposed to malicious popups and potential schemes for stealing their credentials as well.

      According to the report, these eight extensions were likely compromised:

        Web Developer 0.4.9
        Chrometana 1.1.3
        Infinity New Tab 3.12.3
        CopyFish 2.8.5
        Web Paint 1.2.1
        Social Fixer 20.1.1
        TouchVPN
        Betternet VPN

      * Attackers have hijacked eight Google Chrome extensions, using them to serve malicious ads and direct users to scam services.
      * The attack also attempts to steal credentials to hosting services—in this case Cloudflare—so that they’ll be able to conduct future attacks.
      * Users who have any of the affected extensions installed should uninstall them and be careful not to click on any ads that seem suspicious.

       
      Read the full article here

      1 user thanked author for this post.
      • #130171

        Wordfence put this out on 17 August 2017

        PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

        Excerpt from article:

        “This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads.

         
        This post discusses exactly what happened, how to protect yourself and what the wider implications are of this supply chain attack.

        How the Chrome Extensions Were Compromised

         
        In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:

        • Web Developer – Versions 0.4.9 affected
        • Chrometana – Version 1.1.3 affected
        • Infinity New Tab – Version 3.12.3 affected
        • CopyFish  – Version 2.8.5 affected
        • Web Paint – Version 1.2.1 affected
        • Social Fixer 20.1.1 affected
        • TouchVPN appears to have been affected but the version is unclear
        • Betternet VPN also appears to have been affected but no version was provided

         
        Based on total installs for these extensions, the attackers targeted a total of 4.8 million users. The developers of these Chrome extensions all had their account credentials compromised…”

        https://www.wordfence.com/blog/2017/08/chrome-browser-extension-attacks/

        HF

        1 user thanked author for this post.
    • #141833

      I’ve always been an IE fan (yes, I know! but it’s true) and I simply haven’t liked Firefox or Chrome when I’ve tried them in the past.

      Some of the websites I like to visit have been giving me big problems with my Win 7 and IE 11, and finally when I dug around in their help sections, I found out that they are not designed to work with Win 7 and IE 11 anymore.

      On the first explanation page I found (which I had no reason at the time to suspect was not that site’s _only_ explanation page on the matter), the site said that they were no longer supporting IE 11 and recommended moving from IE 11 to Chrome or Firefox.

      I avoid Google as much as possible, so I would need to be forced to use Chrome (plus, I just don’t like it that much).  Therefore, I decided to go with Firefox, which I had read had become more user-friendly and powerful in the last couple of years.

      So last month, I spent a weekend on it — reading about Firefox advice and tips across the internet, especially Martin Brinkmann’s detailed reports and recommendations (ghacks.net), learning about the vast array of add-ons, downloading the browser, tinkering with it, etc. —

      then learning about how the version I was installing was soon to be wiped away by an entirely different sort of Firefox,

      and that almost all of the add-ons I had added were going to be discontinued and disallowed in the new version of Firefox that was just 2 months away —

      but, I figured, “Well, maybe I can use my new Firefox setup for 2 months at least, to visit the website I want to use, which recommended Firefox in place of IE11 for people who were having trouble viewing it on IE11.”

      So, with the FF all ready to go on that Sunday evening, I visited the site I had moved to Firefox for, and it didn’t work.  I looked around their help pages again, and lo and behold, there was a help page that delved into things a little further, and said that the Win 7 + Firefox combination was also not supported, and visitors to the site needed to be on Win 8.1 + Chrome at a minimum, or Win 10 + any browser.

      Beyond all the changes that are coming soon to Firefox (which many commenters at that time seemed to be wary about), I also started to learn about various FF add-ons that had sort of been taken over by iffy groups, or which had been compromised and found to be doing bad stuff, etc., so I just deleted Firefox and went back to IE 11.

      (Additionally, I sometimes use a VPN, and after years of being wary of the DNS leakage situation with Chrome and Firefox, I still don’t have a clear understanding that Chrome and Firefox can be made safe from that.)

      In other ways, I do sense that my Win 7 setup is in the autumn – no, winter – of its lifespan, and I know I need to move on now.

      Though I don’t like the sound of Win 10 at all, I just think I probably should accept the nasty reality and bite the bullet instead of fussing around to find a tweaked 8.1 that will be good only for another year or so, but is next in line after Win 7’s Cinderella for the evil step-sister treatment from Win10.  (With no prince, no glass slipper, no sparkly carriage, just a rum pumpkin, broomstick, and fireplace soot.  Ahem, back to the technology topic…)

      Well, I’m just posting this here because I noticed that most of the warnings in the thread up to now have been regarding Chrome extensions, and last month I came across a number of mentions about Firefox add-ons, sometimes ones that were popular and respected at one point, which had been compromised, monetized, diminished, taken over by iffy groups, etc.

      —-

      P.T.

      1 user thanked author for this post.
      • #210964

        Have you, or anyone else here, seen anything in common among those sites that do not accept connections from machines running Windows 7? I have not noticed that problem, as yet.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #210911

      Read here about Firefox add-on:
      https://www.bleepingcomputer.com/news/security/firefox-add-on-with-220-000-installs-caught-collecting-users-browsing-history/

      In the largest sense, not all browser add-ons are safe. Use caution.

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      7 users thanked author for this post.
      • #210918

        In FF I only use a bare minimum of security extensions and have done for well over 10 years and even then, I’m not fond of extensions (or add-ons, as they used to be known).

        I do find them necessary nowadays to counter scripts, verify web-site authenticity, eliminate tracking and ensure my connection is using HTTPS to any website. I prefer to use the about:config editor within FF to toughen up browser security.

        Windows - commercial by definition and now function...
        3 users thanked author for this post.
    • #210922

      I just checked if I had “220-000” that geekdom posted a warning about moments ago, in Waterfox, as it is a fork of FF. It’s not there. Only AdBlock, that I installed myself, and also a bunch of language packs. Maybe someone should check Pale Moon as well, to make sure it is not there either.


      1 user thanked author for this post.
      • #211028

        Why would it be in Pale Moon, which comes with zero extensions, unless the user installed it? It would make much more sense if you suggested that everyone checked all of their browsers for bad extensions.

        1 user thanked author for this post.
        • #211042

          I do not use, have not used and, for all I know, shall never use Pale Moon. I was merely guessing that, being a fork of FF, it might have the same problem. Something that might have been worth investigating in case it turned out to be so. Glad to learn that this is not an issue.


          • #211059

            You’re missing the point; it might be an issue as it’s a User decision to locate and install such extensions in their browser. The Topic title makes a very good summary: Are Your Browser Add-Ons Really Safe?.

            2 users thanked author for this post.
            • #211115

              Thanks for keeping on lecturing me on a very brief and errant passing remark. Much and most appropriately appreciated.


            • #211123

              @OscarCP, ‘Lecturing’ is an inappropriate description, @satrow is merely trying to help you understand that extensions are added to the default installation of the browser by the end-user afterwards on all derivatives of FF. At least now you know 🙂

              Windows - commercial by definition and now function...
              2 users thanked author for this post.
            • #211152

              Oscar, in defense of Satrow, he wasn’t lecturing you; he was trying to explain something to you. Satrow is very knowledgeable on these matters. I have never observed him lecturing anyone on any matter, and that goes back many years.

              Group "L" (Linux Mint)
              with Windows 10 running in a remote session on my file server
              2 users thanked author for this post.
        • #211131

          Not everyone understands that Add-ons are extra 3rd party executable software they may choose to install – and some sites try to install add-ons just by visiting them.

          That being said, Pale Moon pops up an approval panel before allowing the installation of any Add-on (of which I have only added two after vetting them – uBlock and uMatrix).

          Many users just blindly stab at the [ OK ] button if anything pops up. That’s why UAC is ineffective, and why they may have add-ons they don’t really know about.

          -Noel

          6 users thanked author for this post.
    • #211322

      Mozilla Removes 23 Firefox Add-Ons That Snooped on Users
      By Catalin Cimpanu | August 16, 2018

       
      Mozilla removed today 23 Firefox add-ons that snooped on users and sent data to remote servers, a Mozilla engineer has told Bleeping Computer today.

      The list of blocked add-ons includes “Web Security,” a security-centric Firefox add-on with over 220,000 users, which was at the center of a controversy this week after it was caught sending users’ browsing histories to a server located in Germany.

      Besides Web Security, other banned add-ons include Browser Security, Browser Privacy, and Browser Safety. All of these have been observed sending data to the same server as Web Security, located at 136.243.163.73.

      Offending add-ons have been disabled in users’ browsers

       
      Read the full article here

      5 users thanked author for this post.
    • #216122

      Krebs on Security recently had a thread:

      https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/

      It is suggested to disable automatic updates for extensions, which I did in Firefox, but apparently this cannot be done in Chrome (please correct me if I am mistaken).

      I rarely use the Chrome browser as I prefer Firefox. Would it be safer to turn off the four extensions I have (HTTPS Everywhere, Adblocker Ultimate, uBlock Origin, Privacy Badger) and just use them when I use Chrome — or doesn’t it make a difference?
