Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
I wonder how many less-savvy users still have these extensions installed? Must be tens of thousands at least.
I don't know how it is with other browsers but like @insanity posted they are now disabled on Google Chrome.
I wonder for example on Edge it is possible to install extension from another (Google Chrome) store, will they also get disabled?
That could be a case for only using the browsers own extension store.
 

oldschool

Level 57
Verified

security123

Level 27
Verified
I don't know how it is with other browsers but like @insanity posted they are now disabled on Google Chrome.
I wonder for example on Edge it is possible to install extension from another (Google Chrome) store, will they also get disabled?
That could be a case for only using the browsers own extension store.
this need to be allowed manually first. The average user doesn't even know the switch so i think that the risk on Edge is less as that kind of users know already about the problem with that extension.
 

Azure

Level 26
Verified
Content Creator
Good that Google disabled those extensions, because now some suspicious/malware activity seems to have taken place:


From Ars Technica:

I would like to emphasize this part of an article there

"please stop harassing both developers. eSolutions Nordic AB and Hugo Xu have expressed (privately and publicly) that they deeply regret these transactions, and that they never meant to sell their users into this infection. Both parties take pride in their work, which has now been violated by someone who would take advantage of them and the community they’ve built for nefarious purposes."

I hope they are able to get pass this.
 

Lenny_Fox

Level 15
Verified
I would like to emphasize this part of an article there

"please stop harassing both developers. eSolutions Nordic AB and Hugo Xu have expressed (privately and publicly) that they deeply regret these transactions, and that they never meant to sell their users into this infection. Both parties take pride in their work, which has now been violated by someone who would take advantage of them and the community they’ve built for nefarious purposes."

I hope they are able to get pass this.

OKay in general I am not in favor of harassing people, but to be honest, anyone with a tiny bit of customer care would have actively informed their user data base about the ownership transfer in time (with a decent lead time). So I can understand the angry feelings of some of their users. After all the developers got paid (for code they copied 95% of GorHill) and gave their users an infection as reward.
 

Arequire

Level 26
Verified
Content Creator
anyone with a tiny bit of customer care would have actively informed their user data base about the ownership transfer
The issue is there's no real way for extension developers to contact their entire userbase.
The only way I can think of is to add a display notifications permission to the extension and then use that to communicate the ownership change. (I'm ignorant of the restrictions placed on extensions so I don't know whether this kind of mass notification would be allowed or not.)

Regardless, while I agree the developers don't deserve to be harassed, they do deserve to be criticized. What they did was irresponsible and demonstrated either an ignorance of the risks selling their extensions could pose, and/or a complete disregard for their users' safety.
 
Last edited:

jacemace

Level 1
Thank you to Gandalf_The_Grey for posting the information about user agent switcher (I had known previously about the nano extensions situation).
I had user agent switcher in a browser, and have now uninstalled it. Thank also for posting the links about infected extensions.

Because of this, I have now decided to add all my extensions in chrome browsers via load unpacked. To do this I will download the crx and put the file in a zip archive - unzip the extension into a folder and on the extensions tab turn on developer mode - and then add the unzipped files through the load unpacked button. If I want to update, I will download and inspect the latest crx, and load it as unpacked.

I have decided to do this after reading the link you posted "Help for Users Impacted by Infected Extensions" - where the writer explained that fraudulent malware operators have been posing as anonymous new developers asking to purchase the rights to the extensions. Then they update it and put in malicious payload codes, and add the update to the chrome web store - and then chrome automatically updates the extension with the malware in it - without any user knowledge or input.

So, as stated, from now on I will only add extensions through the load unpacked button - and manually install new updates after inspecting the updated crx file added to the chrome web store - although this process will take longer.

A side note - some chrome browsers do not auto update extensions - iridium is one of them.


Thanks again.
 
Top