• Warning! Malicious Browser Extensions

    Author
    Topic
    #2320313

    The browsers in question are Google Chrome and MS Edge as reported by Sergiu Gatlan over on Bleeping Computer
    Discovered by an Avast malware researcher, Jan Rubín explains:

    “The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover,”

    the extensions in question are listed below

    • Direct Message for Instagram
    • Direct Message for Instagram™
    • DM for Instagram
    • Invisible mode for Instagram Direct Message
    • Downloader for Instagram (1,000,000+ users)
    • Instagram Download Video & Image
    • App Phone for Instagram
    • App Phone for Instagram
    • Stories for Instagram
    • Universal Video Downloader
    • Universal Video Downloader
    • Video Downloader for FaceBook™
    • Video Downloader for FaceBook™
    • Vimeo™ Video Downloader (500,000+ users)
    • Vimeo™ Video Downloader
    • Volume Controller
    • Zoomer for Instagram and FaceBook
    • VK UnBlock. Works fast.
    • Odnoklassniki UnBlock. Works quickly.
    • Upload photo to Instagram™
    • Spotify Music Downloader
    • Stories for Instagram
    • Upload photo to Instagram™
    • Pretty Kitty, The Cat Pet
    • Video Downloader for YouTube
    • SoundCloud Music Downloader
    • The New York Times News
    • Instagram App with Direct Message DM

    Course of action:
    1. Either disable or uninstall if you have any of them on your system
    (the later being the safer IMO)
    2. Then run a full up-to-date AV/ malware scan.

    More info in above link

    WaaS = Windows as a Syphon...suckers!

    6 users thanked author for this post.
    Viewing 9 reply threads
    Author
    Replies
    • #2320430

      I just checked by clicking on the “Extensions” icon in Chrome and only found four, all familiar to me, because I have installed them myself, and none of those in the list. Is there some other way where I could find if there are any more in some so far unexplored nook, or cranny of Chrome?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2320434

        @OscarCP, If your chosen/installed extensions don’t match up to any on the above list in the original thread post, there’s nothing to worry about.

        WaaS = Windows as a Syphon...suckers!

        2 users thanked author for this post.
    • #2320438

      I wonder if Firefox will be affected?

      • This reply was modified 2 years, 1 month ago by Geo.
      • #2322537

        I am a Firefox ESR user and I only use Mozilla Firefox Recommended Extensions.

        Open the Firefox Menu, Add-ons; there is a trophy icon for the Firefox Recommended Extensions.

         

    • #2320577

      So Downloader for Instagram extension could be the reason I was logged out of Instagram and stopped me from logging back in a few days ago. I had to change the password to access it. I thought how strange. I’ve just uninstalled the extension.

    • #2320690

      Bad news is, that something average user trusts (it contains “Instagram”, or “Vimeo” registered trademark for example) has backdoors.
      There should be some validation process before enabling extension to be available.

      Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

      • #2320728

        There should be some validation process before enabling extension to be available.

        It’s not really feasible to do that. There are too many extensions and not enough resources to review every one of them (every update would have to be evaluated). Firefox has tried to do that by requiring them to be signed, and there are some that are considered “trusted” and are listed as recommended, but it doesn’t mean the ones that are not recommended are bad.

        The flip side of requiring addons to be validated is that you’d be denying browser users the ability to make their own choices about addons, and only letting them choose from the relatively few that are “officially” recommended. There was a lot of anger and annoyance when Mozilla first introduced the addon signing thing, which (in typical Mozilla form) started as optional, and was then made mandatory. At some level, you’re taking a leap of faith any time you run any code you didn’t personally write (from the system firmware to the microcode in the CPU to the OS and the applications).

        Dell XPS 13/9310, i5-1135G7/16GB, OpenSUSE Tumbleweed
        XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed

        2 users thanked author for this post.
    • #2320762

      It’s not really feasible to do that

      Yes, it is. Apple does that for the ‘billion’ apps in app store.

    • #2321077

      Browser extensions are usually useful, sometimes fun — and occasionally dangerous.

      That’s the case for at least 28 browser extensions analyzed by Avast Threat Intelligence researchers

      more info from avast

    • #2321493

      Firefox YES,
      Everything else NO.
      Many hundreds of customers over the years, by far most of them “computer illiterate” (in their own words). Every single one of them gets installed Firefox with
      “uBlock origin”, ‘WOT – Web Of Trust” and “Facebook Disconnect”.

      AND: If a web sire does not work well with/in Firefox I tell my customers to NOT USE THIS WEB SITE instead of using Chrome or any of the other browsers.
      Works 99.99% of the time.

      I don’t recall anymore when and how I learned that Google can’t keep their extensions store clean – plus I don’t want to feed the by now probably biggest information gathering machine.

      • This reply was modified 2 years, 1 month ago by WSeikelein. Reason: Typo
      • #2321914

        plus I don’t want to feed the by now probably biggest information gathering machine.

        Well then abandon Windows. Firefox has fairly strong support on Linux distros, it should be the main playground for FF. And by the way I really like Vivaldi browser. Check its website here
        There are some bugs, but its improving everyday. If I submit discovered bug to its forum, developpers are listening to what I say. Its very pleasant experience.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

    • #2321565

      Google Chrome, MS Edge…  what are those?

      Give me a robust FF (heart of the Rebel Alliance) with a Brave back (when the snapping alligators teeming in the moat I have built around FF simply refuse to let something run…  good on FF and those crocks!)

    • #2321919

      Thank you,  I have checked and found none of these but thanks for the heads up

      Joe M.

    • #2322593

      Well then abandon Windows

      doriel,
      I wish I could. I love my Linux Lite system. That was the distro I settled on when I was looking for something easy to transition to coming from Windows. Remember what my customers said about themselves?

      But the vast majority of my customers “naturally” run Windows, so I must have it and “know” it. How else could I help them?

      And despite my advanced years the additional income is highly appreciated by my wife and me.

      1 user thanked author for this post.
      • #2325254

        I understand.

        But the vast majority of my customers “naturally” run Windows, so I must have it and “know” it. How else could I help them?

        Im caught in that situation too.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

    Viewing 9 reply threads
    Reply To: Warning! Malicious Browser Extensions

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: