More malicious extensions in #Chrome Web Store

At least 18 different malicious extensions (as of 30 MAY and this post) identified by @WPalant

Remember extensions have privileged access to the browser (and data in the browser). Choose your extensions wisely... they could be #spyware or #malware in disguise.

#cybersecurity #infosec #security #opsec #privacy

https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/

More malicious extensions in Chrome Web Store

So far I discovered 18 malicious extensions with 55 million users in total. Most popular ones are: Autoskip for Youtube, Crystal Ad block and Brisk VPN. They have been active for two years, undetected by Google.

Almost Secure

@avoidthehack Actually, the article has been updated already. So now it’s 34 malicious extensions. And I think that it will stay this way: Google is finally moving, and they have better means of finding all the extensions I missed.

@WPalant thanks for the additional; I had read it when it was 18.

Honestly, if they take the same approach they do for the Play Store and their paid search ads, then they will probably only purge the reported/named ones. Doubt they will go hunting based on their track record.

@avoidthehack They already found some extensions that I didn’t mention in my original post. By the time I published the update they were already gone. Which is reassuring: they definitely did their own search.

Still weird that they missed one extension. Not surprising that they missed the other eight: it’s a significantly different code variant that I’ve only come across now.

@WPalant That’s actually refreshing and ultimately glad. Wish they’d take a similar approach to Play Store and their search ads - they usually only remove reported apps or ads after some pressure in my experience - but I guess we can’t have everything. 🙃

@avoidthehack Well, the pressure part is present here as well. I’ve never seen regular reporting work with Chrome Web Store. But action happens fairly quickly after it hits Hacker News. The beneficial interpretation is: their usual processing pipeline is massively understaffed, but Hacker News is usually read by some Google devs who care and will escalate internally.

There is one more aspect here: I think that the extensions haven’t been blocklisted yet. So those 87 million installs are still there, the extensions merely don’t gain any new users. Still waiting for my own install to vanish, so far it didn’t.

@WPalant I see. Always appreciate the insight. Still wish as a whole Google would act quicker, given their reputation in the general cybersecurity community.

Just in my experience/observation, there’s a lag between action on the Play Store and search ads, though seems to be slower with search ads. Search ads being the biggest offender - why let an ad pointing to a site blocked by Safe Browsing even create an ad on the platform… granted I know it can be whack a mole. Heh.

@avoidthehack Sadly, you were right. Google didn’t scan their extensions for other occurrences of the same code, Avast did. They removed the extensions that Avast found.

@WPalant A case where I absolutely do not want to be right.

In any case, thanks for your work. I like your posts. :)

Btw, you made it into this Ars Technica post: https://arstechnica.com/information-technology/2023/06/injecting-strange-code-into-websites-file-snooping-google-marketplaces-are-a-mess/

Google’s Android and Chrome extensions are a very sad place. Here’s why

It was a bad week for millions of people who rely on Google for apps and Chrome extensions.

Ars Technica

@avoidthehack Yes, seen it. They even put my quote into the article title.

Btw, going to publish another article on some ad blockers published by a company that specializes in “potentially unwanted software.” Google recently removed at least two of their ad blockers. Yet two others remain despite being almost identical code-wise.

@WPalant That’s awesome and I hope you’re proud of your great research. :) also as a side note… LOL at specializing in PUPs. I guess everything is possible.

Put me on the shortlist of notification for when it goes live. I would like to add considerable updates for my own post for adblocking, stressing the need to vet adblocking software.

@avoidthehack It went live today: https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

And there will be another article – there is really no end to malicious extensions…

Introducing PCVARK and their malicious ad blockers

The company PCVARK is known for developing “potentially unwanted software.” Chrome Web Store is offering two of their ad blockers regardless, despite having removed another two a year ago.

Almost Secure

@WPalant :D you know what… you bring up a good point. Malicious extensions are a privacy and security problem… time to put together another post on my end on top of updating others.

Thanks for the idea/inspiration. 😝