Prorootect

Level 53
Verified
Thanks to Windows_Security's latest post, I've found 20 (at least...) immature, noneworthy, suspicious or malicious Chrome extensions, some from May, 2017 (= 1 year already!...) -
- searching for "Mr. Teachnology", or "Jay Murphy", or "Mr. Teachnology / Jay Murphy"

Yes, malicious; look at this user's remark:
"La aplicación no se muestra en ningún lado. No se puede usar ni la puedo desinstalar porque no puedo acceder."
English translation: "The application is not shown anywhere. I can't use or uninstall it because I can't access it." - Jay!..o_O
- it's about "Math Tols" extension, search under User reviews/All languages...

*
Jay
Someone who is cool, smart, cheerful, and knows how to make people laugh. But he can sometimes be a bit immature.
Wow. You are a Jay.

- from here: Urban Dictionary: Jay
 

Prorootect

Level 53
Verified
Malicious Chrome extensions infect 100,000-plus users, again on arstechnica.com:
Over two months, seven extensions stole credentials and installed currency miners.


Image caption: On the left, a legitimate Chrome extension. On the right, one of seven recently discovered malicious Chrome extensions impersonating it.
Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google’s official Chrome Web Store.

The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one of which was inside a "well-protected network" of an unnamed global manufacturing firm, Radware said.

...

The seven extensions masqueraded as legitimate extensions. Their names were:
  • Nigelify
  • PwnerLike
  • Alt-j
  • Fix-case
  • Divinity 2 Original Sin: Wiki Skill Popup
  • Keeprivate
  • iHabno
Thursday's Radware blogpost includes extension IDs for each one.

The extensions came to the attention of Radware researchers through machine-learning algorithms that analyzed communication logs of the protected network that was infected. The Radware researchers said they believe the group behind the extensions has never been detected before. Given the regular success in getting malicious extensions hosted in the Chrome Web Store, it wouldn't be surprising if the group strikes again.

...read more on the website...

-------------------------------------

...and more, on blog.radware.com: Nigelthorn Malware Abuses Chrome Extensions to Cryptomine and Steal Data
...
Infection Process

Radware has dubbed the malware “Nigelthorn” since the original Nigelify application replaces pictures to “Nigel Thornberry” and is responsible for a large portion of the observed infections. The malware redirects victims to a fake YouTube page and asks the user to install a Chrome extension to play the video.
Figure 2: Fake YouTube page
Once the user clicks on “Add Extension,” the malicious extension is installed and the machine is now part of the botnet. The malware depends on Chrome and runs on both Windows and Linux. It is important to emphasize that the campaign focuses on Chrome browsers and Radware believes that users that do not use Chrome are not at risk.
...
...read more then...
 

MeltdownEnemy

Level 6
Verified
The worst of all is that no antivirus or antimalware program can help against this infection type. Listen to me again on that phrase: "none of them, including the best AV in the security frame". Well, you just saw it for yourself, in how a simple script easily passes under the nose of any antivirus. I'm realizing how useless they are against apps and extensions of Chrome. This happened to me in the same way as you, although fortunately it was only through Chrome inside VMware.
 

yitworths

Level 10
Verified
It seems some kinda payload infection. Look at the page, it's not encrypted nor showing the green lock. Wi-Fi hackers use this kinda trick. But a full-fledged developer should level his game up. & @MeltdownEnemy a good anti-virus should detect this sorta trick as a threat. I think Google enjoys too much reputation, it's time for Google to open itself up to all security researchers. These extensions are exploiting what Google is providing to them.
Should everything be open-source?
 


Spawn

Administrator
Verified
Staff member
Name: Adblocker HARDLINE V2 ™
Developed by
Code:
http://fonexsoftware.com/
Description
Adblocker HARDLINE V2 ™ removes all ads and popups from all websites! The fastest adblock available plus modern controls and…
——————————
Adblock HARDLINE ™ works automatically in the background to block ALL types of advertisements on ALL websites, including on Facebook and YouTube. Ads are completely blocked from downloading, instead of being removed after the fact. This amounts to a clean web browsing experience, with more privacy, featuring the most advanced techniques and filters available today. Adblock HARDLINE ™ runs on a lightweight, fast proprietary engine making it one of the quickest adblockers on the market today, all while being reliable and always up-to-date. Significantly improves your browsing performance and memory usage with no disruptions whatsoever. This extension uses about half as much memory as other popular solutions: Adblock, Adblock plus, and even the original uBlock.

The control panel is intuitively designed for both novice and experts alike. You may choose to control options on a per-domain basis, including whitelisting, popup blocking, element hiding and more.

NO ACCEPTABLE ADS
Unlike other popular adblockers, Adblock HARDLINE ™ DOES NOT allow any advertisements. Do you want to allow ads on certain sites you love? No problem! You can choose to whitelist any website, page or domain as you wish. Website whitelisting is just one click away.

TYPES of ADS BLOCKED
Adblock HARDLINE ™ blocks all ads on ALL websites before they even load, including:
- Facebook ads (both Sponsored posts and text / banner ads)
- Youtube video ads (pre-roll)
- Other Video ads / Overlay in-video ads
- Webmail ads
- Unwanted pop-ups and pop-under ads
- Autoplay-sound ads
- General banner and text ads
- All other annoying ads

ADBLOCKING BENEFITS
- Save bandwidth, data and time
- Speeds up page loading
- No intrusive ads or popups windows
- Lower CPU and Memory Usage
- Protect your privacy by blocking common third-party trackers
- Helps to protect you from malware and phishing
- Blocks many spyware, adware threats

FILTERING
This adblocker uses a set of filters to remove ads from webpages. Standard filters are applied by default and you may choose to use the other optional filters as you wish.

Standard Filters:
- uBlock filters Badware risks, Privacy, Unbreak
- EasyList
- Easy Privacy
- Malware Domain List
- Malware domains
- Peter Lowes Ad and tracking server list

Other optional filters:
- Fanboys Enhanced Tracking List
- Dan Pollocks hosts file
- hpHostss Ad and tracking servers
- MVPS HOSTS
- Spam404
- And many many other lists

OPEN SOURCE
This adblocker is a fork of the Adblock Plus and uBlock Origin, a community-driven project with hundreds of volunteers making sure that all ads are automatically blocked. The code is open source and used under GPL. Significant portion of the code was rewritten to make this extension faster, efficient and far more reliable. We also REMOVED any tracking code for your privacy.

PRIVACY PERMISSIONS
Adblock HARDLINE ™ does not monitor nor collect your browsing history or your personal information to function properly. When installing, Google Chrome browser automatically shows a permission notice about access to your history and website data as it would with any other adblocker. This is a standard message, we NEVER collect any personally identifiable information whatsoever!

TRADEMARKS
This extension is not affiliated or related in any way with: Adblock, Adblock Plus, Superblock Adblocker, Superblock Extended - Adblocker, Adguard AdBlocker, Adblock for Youtube, AdRemover for Google Chrome, Ad Block - AdFilter, YouTube AdBlock, Adblock Pro, Adblock Super, Simply Block Ads, Adblock for Facebook, uBlock Ultimate Adblocker, Adblock Fast, uBlock Origin, uBlock Plus, uBlock Pro, Anti-Adblock Popup Blocker

Youtube™ and Google Chrome™ are trademarks of Google Inc. Use of these trademarks is subject to Google Permissions. Facebook™ is a trademark of Facebook, inc.
Extension Link
Code:
https://chrome.google.com/webstore/detail/adblocker-hardline-v2/npmleadjnlojpinmkhnepddhlplealpg
-----

Name: Adblocker NO ADS V2 ™
Developed by
Code:
Fonexcode software company
Description
Adblocker NO ADS V2 ™ removes all ads and popups from all websites! The fastest Adblocker available plus modern controls and…
ADBLOCKER No Ads !! works automatically in the background to block ALL types of advertisements on ALL websites, including on Facebook & YouTube. Ads are completely blocked from downloading, instead of being removed after the fact. This amounts to a clean web browsing experience, with more privacy, featuring the most advanced techniques and filters available today. AADBLOCKER No Ads !! runs on a lightweight, fast proprietary engine making it one of the quickest adblockers on the market today, all while being reliable and always up-to-date. Significantly improves your browsing performance and memory usage with no disruptions whatsoever. This extension uses about half as much memory as other popular solutions: Adblock, Adblock plus (ABP), and even the original uBlock.

The control panel is intuitively designed for both novice and experts alike. You may choose to control options on a per-domain basis, including whitelisting, popup blocking, element hiding and more.

NO ACCEPTABLE ADS
Unlike other popular adblockers, ADBLOCKER No Ads !! DOES NOT permit any advertisements. Do you want to allow ads on certain sites you love? No problem! You can choose to whitelist any website, page or domain as you wish. Website whitelisting is just one click away.

TYPES of ADS BLOCKED
ADBLOCKER No Ads !! blocks all ads on ALL websites before they even load, including:
- Facebook ads (both Sponsored posts and text / banner ads)
- Youtube video ads (pre-roll)
- Other Video ads / Overlay in-video ads
- Webmail ads
- Unwanted pop-ups and pop-under ads
- Autoplay-sound ads
- General banner and text ads
- All other annoying ads

AD BLOCKING BENEFITS
- Save bandwidth, data & time
- Speeds up page loading
- No intrusive ads or popups windows
- Lower CPU and Memory Usage
- Protect your privacy by blocking common third-party trackers
- Helps to protect you from malware and phishing
- Blocks many spyware, adware threats

ADS FILTERING
This adblocker uses a set of filters to remove ads from webpages. Standard ad filters are applied by default and you may choose to use the other optional filters as you wish.

Standard Filters:
- uBlock filters Badware risks, Privacy, Unbreak
- Adblock Plus ABP filters
- EasyList
- Easy Privacy
- Malware Domain List
- Malware domains
- Peter Lowes Ad & tracking server list

Other optional filters:
- Fanboys Enhanced Tracking List
- Dan Pollocks hosts file
- hpHostss Ad and tracking servers
- MVPS HOSTS
- Spam404
- And many many other lists

OPEN SOURCE
This adblocker is a fork of the Adblock Plus and uBlock Origin, a community-driven project with hundreds of volunteers making sure that all ads are automatically blocked. The code is open source and used under GPL. Significant portion of the code was rewritten to make this extension faster, efficient and far more reliable. We also REMOVED any tracking code for your privacy.

PRIVACY PERMISSIONS
Adblock Plus ADBLOCKER No Ads !! does not monitor nor collect your browsing history or your personal information to function properly. When installing, Google Chrome browser automatically shows a permission notice about access to your history and website data as it would with any other adblocker. This is a standard message, we NEVER collect any personally identifiable information whatsoever!

Youtube™ and Google Chrome™ are trademarks of Google Inc. Use of these trademarks is subject to Google Permissions. Facebook™ is a trademark of Facebook, inc.

Extension Link
Code:
https://chrome.google.com/webstore/detail/adblocker-no-ads-v2/fbcincnacmiccgelnnaeilgnolmfkjoi
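
A way to check a Chrome profile for the two extensions linked in the post above (an added example, not part of the original thread). It pulls the extension IDs out of the Web Store URLs and looks for them in the profile's `Extensions` folder, which Chrome lays out as `Extensions/<id>/<version>/manifest.json`; the profile path passed on the command line is an assumption and depends on the OS and profile name.

```python
import json
import re
import sys
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
ID_RE = re.compile(r"/([a-p]{32})(?:[/?#]|$)")

# Web Store links copied from the post above.
LISTED_URLS = [
    "https://chrome.google.com/webstore/detail/adblocker-hardline-v2/npmleadjnlojpinmkhnepddhlplealpg",
    "https://chrome.google.com/webstore/detail/adblocker-no-ads-v2/fbcincnacmiccgelnnaeilgnolmfkjoi",
]

def ids_from_urls(urls):
    """Extract the extension ID from each Web Store URL."""
    ids = set()
    for url in urls:
        match = ID_RE.search(url)
        if match:
            ids.add(match.group(1))
    return ids

def find_installed(profile_dir, wanted_ids):
    """Return (id, version, name, permissions) for each listed ID found on disk."""
    hits = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return hits
    for ext_dir in sorted(ext_root.iterdir()):
        if ext_dir.name not in wanted_ids:
            continue
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest: still report the directory
            if not isinstance(data, dict):
                data = {}
            # "name" may be a localisation placeholder such as __MSG_appName__
            hits.append((ext_dir.name, manifest.parent.name,
                         data.get("name", "?"), data.get("permissions", [])))
    return hits

if __name__ == "__main__":
    profile = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_installed(profile, ids_from_urls(LISTED_URLS)):
        print(*hit, sep="\t")
```

An empty result only means these two IDs are absent from that profile; each Chrome profile has its own `Extensions` folder and needs its own run.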
 

Eddie Morra

Google should put as much effort in blocking malicious extensions as they do with blocking code added to chrome by security programs
They should put more effort into blocking code injection from banking malware and not just security software as well. Whatever they have been doing all these years, it sure isn't working.