Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Are Your Browser Add-Ons Really Safe?

    Home Forums AskWoody support Questions: Browsers and desktop software Are Your Browser Add-Ons Really Safe?

    This topic contains 3 replies, has 3 voices, and was last updated by  HiFlyer 1 month ago.

    • Author
    • #125010 Reply

      AskWoody MVP

      Particle for Youtube now functions like adware after being sold to a new developer
      by Linas Kiguolis | July 14, 2017

      Users who have Particle For YouTube extension installed on their browsers should consider removing it as soon as possible. The original developer of the extension sold the extension to a new developer, which turns out to be a collector of abandoned Chrome extensions.

      The compromised extension, which was formerly called YouTube+, has been transformed into adware that injects ads on websites the user visits. Besides, the new developer added two new permissions for this extension:

      Read and change data on the websites the user visits;
      Manage user’s apps, extensions, and themes.

      As soon as the extension was sold, the new developer adjusted extension’s code. The source code of Particle now contains a folder called algoad, which is responsible for injecting ads in popular websites. Users of this extension are forced to receive ads when visiting sites such as Booking.com, eBay, Yahoo, Bing, Google, or YouTube.

      What is interesting is that the extension is now owned by someone whose username is roberthawkingsg. This username is linked to two other Chrome extensions that function very similarly to Particle – Twitch Mini Player and TypeWriter Sounds.

      Update. On July 14th, the Particle For Youtube extension was taken down off the Google Chrome store. It is not surprising, considering how many users expressed complaints about the extension’s new permissions and ads that it served. Therefore, it seems that the case is closed and we won’t see any more activity of this extension anytime soon.

      Read the full article here

      2 users thanked author for this post.
    • #125039 Reply


      I use Firefox as my browser.  Firefox is configured to load two extensions during everyday use.

      However, to enhance security and privacy, whenever I do anything sensitive (e.g., on-line banking, tax return preparation, etc.) I run Firefox in safe-mode so that no extensions are loaded.

    • #129751 Reply

      AskWoody MVP

      Warning: These 8 Google Chrome extensions have been hijacked by a hacker
      Proofpoint research has found that certain Chrome extensions have been taken over in order to spread malicious ads and steal money from users.

      By Conner Forrest | August 16, 2017

      According to recent Proofpoint research, eight extensions for the Google Chrome web browser have been compromised by attackers, sending malicious ads to the affected users. In a report, Proofpoint explained that the authors of these extensions had their credentials stolen, allowing the attacker to take over.

      The attacks occurred primarily in July and August 2017, with the attackers getting the credentials through a phishing scheme, the report said. This means that victims were exposed to malicious popups and potential schemes for stealing their credentials as well.

      According to the report, these eight extensions were likely compromised:

        Web Developer 0.4.9
        Chrometana 1.1.3
        Infinity New Tab 3.12.3
        CopyFish 2.8.5
        Web Paint 1.2.1
        Social Fixer 20.1.1
        Betternet VPN

      * Attackers have hijacked eight Google Chrome extensions, using them to serve malicious ads and direct users to scam services.
      * The attack also attempts to steal credentials to hosting services—in this case Cloudflare—so that they’ll be able to conduct future attacks.
      * Users who have any of the affected extensions installed should uninstall them and be careful not to click on any ads that seem suspicious.

      Read the full article here

      1 user thanked author for this post.
      • #130171 Reply

        AskWoody Lounger

        Wordfence put this out on 17 August 2017

        PSA:4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

        Excerpt from article:

        “This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads.

        This post discusses exactly what happened, how to protect yourself and what the wider implications are of this supply chain attack.

        How the Chrome Extensions Were Compromised

        In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:

        • Web Developer – Versions 0.4.9 affected
        • Chrometana – Version 1.1.3 affected
        • Infinity New Tab – Version 3.12.3 affected
        • CopyFish  – Version 2.8.5 affected
        • Web Paint – Version 1.2.1 affected
        • Social Fixer 20.1.1 affected
        • TouchVPN appears to have been affected but the version is unclear
        • Betternet VPN also appears to have been affected but no version was provided

        Based on total installs for these extensions, the attackers targeted a total of 4.8 million users. The developers of these Chrome extensions all had their account credentials compromised…”



        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Are Your Browser Add-Ons Really Safe?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:

    Comments are closed.