Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Are Your Browser Add-Ons Really Safe?

    Home Forums AskWoody support Questions: Browsers and desktop software Are Your Browser Add-Ons Really Safe?

    This topic contains 4 replies, has 3 voices, and was last updated by  anonymous 6 months, 3 weeks ago.

    • Author
    • #125010 Reply

      AskWoody MVP

      Particle for Youtube now functions like adware after being sold to a new developer
      by Linas Kiguolis | July 14, 2017

      Users who have Particle For YouTube extension installed on their browsers should consider removing it as soon as possible. The original developer of the extension sold the extension to a new developer, which turns out to be a collector of abandoned Chrome extensions.

      The compromised extension, which was formerly called YouTube+, has been transformed into adware that injects ads on websites the user visits. Besides, the new developer added two new permissions for this extension:

      Read and change data on the websites the user visits;
      Manage user’s apps, extensions, and themes.

      As soon as the extension was sold, the new developer adjusted extension’s code. The source code of Particle now contains a folder called algoad, which is responsible for injecting ads in popular websites. Users of this extension are forced to receive ads when visiting sites such as Booking.com, eBay, Yahoo, Bing, Google, or YouTube.

      What is interesting is that the extension is now owned by someone whose username is roberthawkingsg. This username is linked to two other Chrome extensions that function very similarly to Particle – Twitch Mini Player and TypeWriter Sounds.

      Update. On July 14th, the Particle For Youtube extension was taken down off the Google Chrome store. It is not surprising, considering how many users expressed complaints about the extension’s new permissions and ads that it served. Therefore, it seems that the case is closed and we won’t see any more activity of this extension anytime soon.

      Read the full article here

      2 users thanked author for this post.
    • #125039 Reply


      I use Firefox as my browser.  Firefox is configured to load two extensions during everyday use.

      However, to enhance security and privacy, whenever I do anything sensitive (e.g., on-line banking, tax return preparation, etc.) I run Firefox in safe-mode so that no extensions are loaded.

    • #129751 Reply

      AskWoody MVP

      Warning: These 8 Google Chrome extensions have been hijacked by a hacker
      Proofpoint research has found that certain Chrome extensions have been taken over in order to spread malicious ads and steal money from users.

      By Conner Forrest | August 16, 2017

      According to recent Proofpoint research, eight extensions for the Google Chrome web browser have been compromised by attackers, sending malicious ads to the affected users. In a report, Proofpoint explained that the authors of these extensions had their credentials stolen, allowing the attacker to take over.

      The attacks occurred primarily in July and August 2017, with the attackers getting the credentials through a phishing scheme, the report said. This means that victims were exposed to malicious popups and potential schemes for stealing their credentials as well.

      According to the report, these eight extensions were likely compromised:

        Web Developer 0.4.9
        Chrometana 1.1.3
        Infinity New Tab 3.12.3
        CopyFish 2.8.5
        Web Paint 1.2.1
        Social Fixer 20.1.1
        Betternet VPN

      * Attackers have hijacked eight Google Chrome extensions, using them to serve malicious ads and direct users to scam services.
      * The attack also attempts to steal credentials to hosting services—in this case Cloudflare—so that they’ll be able to conduct future attacks.
      * Users who have any of the affected extensions installed should uninstall them and be careful not to click on any ads that seem suspicious.

      Read the full article here

      1 user thanked author for this post.
      • #130171 Reply

        AskWoody Lounger

        Wordfence put this out on 17 August 2017

        PSA:4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

        Excerpt from article:

        “This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads.

        This post discusses exactly what happened, how to protect yourself and what the wider implications are of this supply chain attack.

        How the Chrome Extensions Were Compromised

        In June, July and August, developers of the following Chrome extensions had their login credentials stolen through a phishing attack. The extensions affected are:

        • Web Developer – Versions 0.4.9 affected
        • Chrometana – Version 1.1.3 affected
        • Infinity New Tab – Version 3.12.3 affected
        • CopyFish  – Version 2.8.5 affected
        • Web Paint – Version 1.2.1 affected
        • Social Fixer 20.1.1 affected
        • TouchVPN appears to have been affected but the version is unclear
        • Betternet VPN also appears to have been affected but no version was provided

        Based on total installs for these extensions, the attackers targeted a total of 4.8 million users. The developers of these Chrome extensions all had their account credentials compromised…”



        1 user thanked author for this post.
    • #141833 Reply


      I’ve always been an IE fan (yes, I know! but it’s true) and I simply haven’t liked Firefox or Chrome when I’ve tried them in the past.

      Some of the websites I like to visit have been giving me big problems with my Win 7 and IE 11, and finally when I dug around in their help sections, I found out that they are not designed to work with Win 7 and IE 11 anymore.

      On the first explanation page I found (which I had no reason at the time to suspect was not that site’s _only_ explanation page on the matter), the site said that they were no longer supporting IE 11 and recommended moving from IE 11 to Chrome or Firefox.

      I avoid Google as much as possible, so I would need to be forced to use Chrome (plus, I just don’t like it that much).  Therefore, I decided to go with Firefox, which I had read had become more user-friendly and powerful in the last couple of years.

      So last month, I spent a weekend on it — reading about Firefox advice and tips across the internet, especially Martin Brinkmann’s detailed reports and recommendations (ghacks.net), learning about the vast array of add-ons, downloading the browser, tinkering with it, etc. —

      then learning about how the version I was installing was soon to be wiped away by an entirely different sort of Firefox,

      and that almost all of the add-ons I had added were going to be discontinued and disallowed in the new version of Firefox that was just 2 months’ away —

      but, I figured, “Well, maybe I can use my new Firefox setup for 2 months at least, to visit the website I want to use, which recommended Firefox in place of IE11 for people who were having trouble viewing it on IE11.”

      So, with the FF all ready to go on that Sunday evening, I visited the site I had moved to Firefox for, and it didn’t work.  I looked around their help pages again, and lo and behold, there was a help page that delved into things a little further, and said that the Win 7 + Firefox combination was also not supported, and visitors to the site needed to be on Win 8.1 + Chrome at a minimum, or Win 10 + any browser.

      Beyond all the changes that are coming soon to Firefox (which many commenters at that time seemed to be wary about), I also started to learn about various FF add-ons that had sort of been taken over by iffy groups, or which had been compromised and found to be doing bad stuff, etc., so I just deleted Firefox and went back to IE 11.

      (Additionally, I sometimes use a VPN, and after years of being wary of the DNS leakage situation with Chrome and Firefox, I still don’t have a clear understanding that Chrome and Firefox can be made safe from that.)

      In other ways, I do sense that my Win 7 setup is in the autumn – no, winter – of its lifespan, and I know I need to move on now.

      Though I don’t like the sound of Win 10 at all, I just think I probably should accept the nasty reality and bite the bullet instead of fussing around to find a tweaked 8.1 that will be good only for another year or so, but is next in line after Win 7’s Cinderella for the evil step-sister treatment from Win10.  (With no prince, no glass slipper, no sparkly carriage, just a rum pumpkin, broomstick, and fireplace soot.  Ahem, back to the technology topic…)

      Well, I’m just posting this here because I noticed that most of the warnings in the thread up to now have been regarding Chrome extensions, and last month I came across a number of mentions about Firefox add-ons, sometimes ones that were popular and respected at one point, which had been compromised, monetized, diminished, taken over by iffy groups, etc.



    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Are Your Browser Add-Ons Really Safe?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:

    Comments are closed.