![]() ![]() There is a detailed discussion of the malicious code in my previous article. It’s based on a sample of roughly 1,600 extensions that I have locally, not all the Chrome Web Store contents. Note that this list is unlikely to be complete. These eight extensions are considerably different from the rest, so I published a follow-up blog post discussing the technical aspects here. Update (): All but eight of these extensions have been removed from Chrome Web Store. So now we are at 34 malicious extensions and 87 million users. With his help I was able to identify yet another variant of this malicious code and a bunch more malicious extensions. Also, Lukas Andersson did some research into manipulated extension ratings in Chrome Web Store and pointed out that other extensions exhibited similar patterns in their review. ![]() Update (): With an increased sample I was able to find some more extensions. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively. So now we are at 18 malicious extensions with a combined user count of 55 million. And I found more extensions in Chrome Web Store which are using it. ![]() I checked it out and found two other versions of the same malicious code. It even gained a considerable number of users after I published my article.Ī reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtopcom. Despite reporting the issue to Google via two different channels, the extension remains online. Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |