AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Adblock flash player8/10/2023 ![]() ![]() The companies developing these extensionsĪltogether, I found malicious functionality in four browser extensions.The webRequest/declarativeNetRequest permission.The Great Suspender and Flash Video Downloader.If you aren’t interested in the technical details, you should probably go straight to the list of affected extensions. All of these extensions are clearly meant for dubious monetization. The names are often confusingly similar to established products. While most of these extensions didn’t seem to contain malicious code (yet?), almost all of them requested excessive privileges under false pretenses. I kept finding similar extensions until I had a list of 109 extensions, installed by more than 62 million users in total. In reality, it turned out to be an obfuscated malicious logic meant to perform affiliate fraud. ![]() Supposedly, it was buggy locale processing. When I looked into this extension, I immediately discovered a strange code block. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complains. ![]() We’ve also seen PCVARK’s malicious ad blockers. We’ve already seen Chrome extensions containing obfuscated malicious code. ![]()
0 Comments
Read More
Leave a Reply. |