Add-on Fake Malicious Extensions on Chrome Web Store!

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,987
OS
Windows 10
#21
I didn't know how to do it, maybe there on MT - or any other place! - would be someone who was better informed than me, to notify Google, I hope so, I'm waiting!
One way would be to get onto google product forum, and start making a fuss. Link us here to the thread over there, I would be happy to +1 you over there.
 
Likes: Prorootect
Joined
Nov 5, 2011
Messages
4,223
#22
It seems to me quite probable that the Google guys know this (and another) MT topic, and the problem on their Chrome Web Store. Don't be naive: somewhere Google must win something if it prolongs this situation (bad for all of us ordinary users).
I think that Google has an interest in having the bad guys in its web store... I think. Sorry, I don't want to offend anyone!
It's horrible, but this world is bad, it's looking for money and...

- There are surely some people here on MT who know google people with influence... Let them manifest here then, to satisfy us all. I'm sure.
Hello, Tavis Ormandy!

Link about: Fake ESET NOD32 extension analysis (Google Chrome) - read from post #17 to the bottom...
 

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,987
OS
Windows 10
#23
I don't know if it is quite as nefarious as you are implying, rather that it will cost Google some money to properly vet the extensions, and if they reject certain extensions it might be bad for popularity (like what just happened with Firefox Quantum).
But the party is over. No one is going to trust Chrome Store again, if they don't clean up their act.
 
Joined
Nov 5, 2011
Messages
4,223
#24
shmu26 wrote:

'...the party is over.' so 'No one is going to trust Chrome Store again, if they don't clean up their act.'

I think so!


PS. Search, like me, for the bad extensions on Chrome Web Store and put them here (descriptions, of course). Thanks!
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#25
I noticed this thread earlier today, I am not sure why I didn't notice it beforehand. I started investigating the extensions after another member (an Italian female member I believe) asked about a few extensions which were placed on the Google Chrome Web Store. You were already onto it all I believe? (the same authors/extensions)?

Really good work @Prorootect. Despite the thread I made, I am going to go ahead and say that I believe you were the first member here to notice what was going on to the extent and post a thread about it, you deserve more views for this. You've been checking up on it on a daily basis and continuing to find more and more, too.

Google should provide you with an award. :)
 
Joined
Nov 5, 2011
Messages
4,223
#26
Ok., thank you very much, Opcode!

You have won a prize: chrome extension called High contrast! (I like it, and use on high contrast position only, already!).
Yes, because your latest posting highlighted things with a great view!
It would have been honest of Google to make me pay my great commitment to get them out of this quagmire, swamp, in which they are at the moment, because of some bad guys.

You too, you are invited to share here your new discoveries from web store, share them with us here!

Your prize, High Contrast extension, on Chrome Web Store(safe!): High Contrast
 
Joined
Nov 5, 2011
Messages
4,223
#27
On Chrome Web Store, if you search for: 'is the best tool to browse the Internet safely and quickly.'
- then you will find that suspicious extensions are copied from the 'Panda Safe Web' extension - GUI and description text.
These are: Shield Defense, MyStart Shield, Secure MyWeb.
Look also at post #18 in this thread, please.
 
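The search in post #27 finds copies by one shared description phrase. As an added example (not part of any post in this thread), the Python below generalises that to near-duplicate detection using word shingles and Jaccard similarity. The listing names, descriptions and the 0.4 threshold are constructed assumptions; only the quoted phrase comes from the thread.

```python
import re

# Phrase quoted in post #27; listings reusing it were flagged as copies.
MARKER = "is the best tool to browse the Internet safely and quickly."


def shingles(text, k=4):
    """Return the set of k-word shingles of a normalised description."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    """Jaccard similarity of two shingle sets (0.0 if either is empty)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def find_clones(reference, listings, threshold=0.4):
    """Return (name, score) pairs whose description overlaps the reference."""
    ref = shingles(reference)
    hits = []
    for name, desc in listings.items():
        score = jaccard(ref, shingles(desc))
        if score >= threshold:
            hits.append((name, round(score, 2)))
    return sorted(hits, key=lambda h: -h[1])


# Constructed sample data: placeholder listings, not real store entries.
REFERENCE = ("Example Safe Web " + MARKER +
             " It warns you about dangerous sites before you open them.")
LISTINGS = {
    # Verbatim copy with only the product name swapped.
    "listing-a": "Example Guard " + MARKER +
                 " It warns you about dangerous sites before you open them.",
    # Copy with two words changed; exact-phrase search on the tail misses it.
    "listing-b": "Another Shield " + MARKER +
                 " It warns you about risky pages before you open them.",
    # Unrelated listing.
    "listing-c": "A colour picker for designers. Grab any colour from the "
                 "page with one click.",
}

if __name__ == "__main__":
    for name, score in find_clones(REFERENCE, LISTINGS):
        print(f"{name}: similarity {score}")
```

Shingle overlap still scores a listing whose text was lightly edited, which a search for one exact sentence would not match if that sentence were the part that changed.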

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#30
Have you seen, that this panda has 879,142 users

why google why
I don't know much about Panda and their extensions... I found the MyStart one which has 879,142 users the other day but was unsure after dynamic testing under an analysis environment. I cannot find any information on the official Panda Security website regarding it, and the author linking to the MyStart indicates to me that it isn't genuine, however there are almost a million users.

Do you know if it is genuine or fake? It looks fake but you never know... Even the English for the description is "off" which is another indicator that it could be fake.
 
Joined
Jul 27, 2015
Messages
961
#31
Panda Security Forum - View topic - Safe Web
One of many issues they have and too many reviews elsewhere are poor at best so naaa thanks Panda but no thanks. Personally I dislike a lot all so-called "Toolbars" as many sites alone aren't already filled up enough with annoying advertisement.

The Hybrid-Analysis and also the VirusTotal test on the Windows version was interesting to read. Cheeky behavior to even ask people to pay $34.99 especially when it comes with that kind of crap.
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#32
@upnorth That is absolutely unreasonable and inexcusable!


Once the panda safe web has been installed (even with the checkbox already unchecked), try to change manually the search provider inside your internet browser advanced options tab, or you can try to restore to factory values the browser's configuration once the panda safe web has been installed.
In my opinion that is unethical and makes me think that they cannot be trusted, despite being popular/well-known. I think the only reason they escalated it to a Private Message was due to embarrassment and not wanting to appear foolish on the forum for such a ridiculous scenario being reported - which is unhelpful for others who may view the thread looking for answers under the same circumstances as the original poster (and there must be more than one person in which that has happened to with the hijacked search provider because it is commonly noted on the Reviews).

Edit: According to Google Chrome, the website is allegedly insecure - probably a certificate-related problem I'd imagine though.
 
Joined
Nov 5, 2011
Messages
4,223
#33
I have found recent underground activity on Chrome Web Store, by mystart.com:
- speciality: wallpapers above all.. search on store: 'mystart'!
So: MyStart Shield, MyStart Search New Tab, MyStart Space, MyStart Kereso, Mystart.io, and 27 wallpaper extensions, all registered by Google in November and October 2017. Many 'Updated: October 11, 2017' but the 3 latest were updated November 2 or November 16, 2017...

So Google has made a lot of money, much more than from other developers with one or two extensions, 32 times more than from the developer of a single extension.

'Chrome Web Store' is a very successful business.
This is reality. A sad reality.
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#36
This is getting very interesting. Bad Panda ....
They've been flagged for years according to the source of a friend of mine who I asked about the Panda Safe Web extension the other day - I thought it was a fake extension at first with almost a million users before even testing it out properly and even started writing a whole analysis thread. Once I reached the point of adding static and dynamic analysis explanations, I then realised it really was genuine and not rogue and I was completely poker-faced. Even the English on the extension description doesn't add up right, and the author linking to a custom MyStart search engine page is extremely unethical IMO due to the background the service has surrounding browser hijacking among previous and known malicious software (e.g. Adware).

I was a fool for not investigating further before spending time on a write-up which turned out to need to be deleted and never posted, but can you really blame me? Now another member above has posted a VirusTotal report for another component belonging to software of theirs, and that is... Well, self-explanatory in itself really.

I hope Panda Security clean up their act because I'd like to think good of them, but it is behavior which I feel uncomfortable with surrounding generation of income (do they really need to do these things? Why can't they just make revenue from hard-working developed software) such as the PUPs/bundling and what-not...
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,097
OS
Other OS
#37
This is getting very interesting. Bad Panda ....
My on-prem Sandboxing Appliance started flagging Panda junk as riskware about a month or two ago. I've learned to pay CLOSE attention when my Sandbox Appliance 'wakes up' on something, it saved me from the Ccleaner fiasco. Recently, it's awakened on a couple of products and I simply won't recognize it as FP's because the device is exceedingly good at avoiding FP's. The 50 page dump on Panda stuff is 'interesting', but I can't share it here, just a snippet.

 
Joined
Apr 5, 2017
Messages
455
OS
Windows 7
Antivirus
Emsisoft
#38
It's the not so clever people like me who will get caught out with something like this as I wouldn't know how to check for PUPs etc. until they are already there. Yes, I could uncheck the box regarding changing the browser but in this case, it simply wouldn't have worked. As you say @Opcode, it is unethical and Panda aren't exactly minnows in the security field (although I think it is more the average home user who uses it) so they should be doing better with their product and not forcing unwanted changes on people. Another product to dismiss in my book and it's all thanks to you guys here for posting and investigating these things. (y)
 
Joined
Nov 5, 2011
Messages
4,223
#39
Searching on google for 'panda security problems' found some interesting topic titles on the first page already:
How to solve issues with Panda antivirus after installing - Panda Security
Known Issues - Panda Security Mediacenter
Buggy Panda Update Causes Problems for Home, Enterprise Users ...
Panda AntiVirus update likely to brick Windows Systems on restart
PC Hell: How to Uninstall Panda Antivirus
Panda antivirus labels itself as malware, then borks EVERYTHING ...
etc etc


I'm falling today on some other odd/sneaky/strange extensions.
Searching in Chrome Web Store for 'panda security', found only:
Best Online Shopping Deals Site, Best Chrome Downloader, and two Ultra VPN - Unlimited Free VPN, latest three signed by Chrome ... all four have long long spammed description.
First VPN ext. has Version: 1.2 Updated: November 9, 2017 Size: 14.1KiB 9,521 users, then other VPN ext. has Version: 1.2 Updated: November 23, 2017 Size: 13.41KiB 0 users, still warm hot.
All fake surely..

Giant on clay legs: where you go to the Chrome Web Store, you fall between the creatures of swamp... as if you were putting a stick in the anthill... they are coming in. They wished us to think that everything is OK, that it's safe - this is called manipulation.
It's like in life around us... so beware!
 
Likes: upnorth
Joined
Nov 5, 2011
Messages
4,223
#40
... and:
Help me to judge: is this extension legit or fake: RAM light: RAM light
Version: 0.1.2 Updated: November 20, 2017 Size: 19.57KiB
Yes, fresh extension (uploaded 4 days ago), offered by hektr992 - he has an email account ... 1 user...
'RAM light' is NOT found on Google search today.
His other extension called 'Blocksite' is found on Google search, but not this one...

- thank you in advance...

PS.
To lower the CPU heating, use 'Reader View' extension..
- cause this green 'onlineMarker pulse' periodic pulsations from 'Tooltip onlineMarker' on avatars is very annoying to my PC fan, and me.
The 'MalwareTips 6102' style theme has this problem, and 'MalwareTips Dark 6102' too.
- gif animations...
 
Likes: upnorth