New Update Nano Adblocker and Nano Defender to change ownership

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
oldschool said:
I wonder how many less-savvy users still have these extensions installed? Must be tens of thousands at least.
Click to expand...
I don't know how it is with other browsers but like @insanity posted they are now disabled on Google Chrome.
I wonder for example on Edge it is possible to install extension from another (Google Chrome) store, will they also get disabled?
That could be a case for only using the browsers own extension store.
 
  • Like
Reactions: Cortex, plat, Protomartyr and 4 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,625
  • Like
  • Applause
Reactions: Cortex, ANNOx, Protomartyr and 3 others
F

ForgottenSeer 85179

Gandalf_The_Grey said:
I don't know how it is with other browsers but like @insanity posted they are now disabled on Google Chrome.
I wonder for example on Edge it is possible to install extension from another (Google Chrome) store, will they also get disabled?
That could be a case for only using the browsers own extension store.
Click to expand...
this need to be allowed manually first. The average user doesn't even know the switch so i think that the risk on Edge is less as that kind of users know already about the problem with that extension.
 
  • Like
Reactions: Cortex, ANNOx, plat and 3 others
A

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
Gandalf_The_Grey said:
Good that Google disabled those extensions, because now some suspicious/malware activity seems to have taken place:
github.com

List of compromised websites and scope of damage, by Nano Adblocker and Defender · Issue #5 · jspenguin2017/Snippets

Checklist for everyone affected Login sessions between 10/15 and 10/16 are most likely to be affected Check your Instagram for random likes, even if you didn't visit it for a long time, you might b...
github.com github.com

chris.partridge.tech

Help for Users Impacted by Infected Extensions | tweedge's blog

If 'User-Agent Switcher', 'Nano Adblocker', or 'Nano Defender' sound familiar to you, I might have some bad news. A malware operator I am investigating has e...
chris.partridge.tech chris.partridge.tech

From Ars Technica:

arstechnica.com

Adblockers installed 300,000 times are malicious and should be removed now

If you have Chromium versions of Nano Adblocker or Nano Defender, pay attention.
arstechnica.com arstechnica.com
Click to expand...
I would like to emphasize this part of an article there

"please stop harassing both developers. eSolutions Nordic AB and Hugo Xu have expressed (privately and publicly) that they deeply regret these transactions, and that they never meant to sell their users into this infection. Both parties take pride in their work, which has now been violated by someone who would take advantage of them and the community they’ve built for nefarious purposes."

I hope they are able to get pass this.
 
  • Like
  • +Reputation
  • Applause
Reactions: Deletedmessiah, Cortex, Gandalf_The_Grey and 3 others
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Azure said:
I would like to emphasize this part of an article there

"please stop harassing both developers. eSolutions Nordic AB and Hugo Xu have expressed (privately and publicly) that they deeply regret these transactions, and that they never meant to sell their users into this infection. Both parties take pride in their work, which has now been violated by someone who would take advantage of them and the community they’ve built for nefarious purposes."

I hope they are able to get pass this.
Click to expand...

OKay in general I am not in favor of harassing people, but to be honest, anyone with a tiny bit of customer care would have actively informed their user data base about the ownership transfer in time (with a decent lead time). So I can understand the angry feelings of some of their users. After all the developers got paid (for code they copied 95% of GorHill) and gave their users an infection as reward.
 
  • +Reputation
  • Like
Reactions: Protomartyr, Gandalf_The_Grey, Deletedmessiah and 2 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Lenny_Fox said:
anyone with a tiny bit of customer care would have actively informed their user data base about the ownership transfer
Click to expand...
The issue is there's no real way for extension developers to contact their entire userbase.
The only way I can think of is to add a display notifications permission to the extension and then use that to communicate the ownership change. (I'm ignorant of the restrictions placed on extensions so I don't know whether this kind of mass notification would be allowed or not.)

Regardless, while I agree the developers don't deserve to be harassed, they do deserve to be criticized. What they did was irresponsible and demonstrated either an ignorance of the risks selling their extensions could pose, and/or a complete disregard for their users' safety.
 
Last edited:
  • Like
  • Applause
Reactions: Protomartyr, Deletedmessiah, oldschool and 1 other person
J

jacemace

Level 1
Apr 17, 2014
10
Thank you to Gandalf_The_Grey for posting the information about user agent switcher (I had known previously about the nano extensions situation).
I had user agent switcher in a browser, and have now uninstalled it. Thank also for posting the links about infected extensions.

Because of this, I have now decided to add all my extensions in chrome browsers via load unpacked. To do this I will download the crx and put the file in a zip archive - unzip the extension into a folder and on the extensions tab turn on developer mode - and then add the unzipped files through the load unpacked button. If I want to update, I will download and inspect the latest crx, and load it as unpacked.

I have decided to do this after reading the link you posted "Help for Users Impacted by Infected Extensions" - where the writer explained that fraudulent malware operators have been posing as anonymous new developers asking to purchase the rights to the extensions. Then they update it and put in malicious payload codes, and add the update to the chrome web store - and then chrome automatically updates the extension with the malware in it - without any user knowledge or input.

So, as stated, from now on I will only add extensions through the load unpacked button - and manually install new updates after inspecting the updated crx file added to the chrome web store - although this process will take longer.

A side note - some chrome browsers do not auto update extensions - iridium is one of them.


Thanks again.
 
  • Like
Reactions: Protomartyr, oldschool and Gandalf_The_Grey

Similar threads

JoeN
    • Like
New Update AdBlocker Ultimate MV3 Chrome extension
Replies
12
Views
810
Web Extensions
JoeN
JoeN
H
    • Like
    • +Reputation
Under New Management - Chrome extension warns you when extension changes ownership
Replies
3
Views
560
Web Extensions
HarborFront
H
LeMinhThanh
    • Like
New Update SampleFaces.com | Free AI-Generated Profile Pictures for Developers
Replies
1
Views
151
Chatbots and AI
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top