Reverse Engineering Rogue Kaspersky browser extension

4

436880927

Thread author
Hi.

The other day it took me less than a few seconds to find a rogue browser extension for Chromium browsers on the Chrome Web Store, masquerading as Kaspersky Anti-Virus. I reported the browser extension and it has since been removed from the store. It's been awhile since I went hunting for rogue browser extensions masquerading as anti-virus products, but last time I did, I found almost thirty of them with very little effort.

For the record, the browser extension had been installed by nearly 500 people at the time of finding it.


1. MANIFEST FILE

The manifest file specifies information about the browser extension - such as the name of the extension, version, manifest version, required permissions, etc. - and will be parsed by the Chromium engine. The format of the manifest file is JavaScript Object Notation (JSON).


WyB0on.jpg



Code:
{
"update_url": "https://clients2.google.com/service/update2/crx",
    "manifest_version":2,
    "name":"Kaspersky Anti-Virus FREE",
    "description":"Kaspersky Anti-Virus FREE is the best antivirus software, it is highly appreciated and completely free",
    "version":"1.0.1",
    "chrome_url_overrides":{
        "newtab":"newpage.html"
    },
    "browser_action":{
        "default_icon":"icon.png"
    },
    "permissions":[
        "tabs"
    ],
    "background":{
        "scripts":["background.js"],
        "persistent":false
    }
   
}


The update_url property is used to specify the address of an XML document which will contain the latest version information for your browser extension. Google's official documentation states that every few hours, Google Chrome will use that XML document in order to automatically detect new updates for the browser extension [1].

The manifest_version property is used to specify the manifest specification being used by the browser extension [2].

The name property is used to specify the name of the browser extension. This name will be displayed on the browser's extension manager page. In this case, the specified value for the name_property is "Kaspersky Anti-Virus FREE".

The description property is used to specify an explanation for the browser extension - for example, it's purpose. This will also be displayed on the browser's extension manager page. In this case, the specified value for the description property is "Kaspersky Anti-Virus FREE is the best antivirus software, it is highly appreciated and completely free".

The version property is used to specify the browser extension's version. This will also be displayed on the browser's extension manager page.

The chrome_url_overrides property is used to specify which official Google Chrome pages should be replaced with pages packaged with the browser extension [3]. In this case, the browser extension is attempting to override the page which appears when a new tab is created by the browser - it wants the new tab page to be replaced with the contents of the newpage.html document which is packaged with the browser extension.

The browser_action property is used to specify an icon, tooltip, badge or popup. In this case, the browser extension is only using it to provide an icon.

The permissions property is used to specify the required permissions the browser extension needs in order to function properly. Without specifying the required permissions, you'll be prevented from doing anything which requires the permissions in question. In this case, the browser extension is requesting permission to interact with the browser's tabs.

The background property is used to specify background scripts for the browser extension. In this case, the browser extension has one background script (background.js - packaged with the browser extension) which is not persistent.


2. BACKGROUND SCRIPTS

The background script used by the browser extension - background.js - is really small and straight-forward. It's intention is to promote through the use of unsolicited tabs - if we remember back from earlier, the browser extension requires a permission in order to interact with the browser's tab system.


RGk9Q1.jpg



Code:
chrome.browserAction.onClicked.addListener(function(){
    //chrome.tabs.create({'url':"chrome://newtab"})
    chrome.tabs.create({'url':"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/"})
})
chrome.windows.onCreated.addListener(function (window) {
    chrome.tabs.getAllInWindow(window.id, function(tabs) {
        if (tabs[tabs.length-1].pinned) {
        chrome.tabs.create({'url':"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/"});
        }
    });
});
chrome.runtime.onInstalled.addListener(function() {
    chrome.tabs.create({'url':"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/"});
});

The first function of the background script is a callback routine that will be invoked whenever the user clicks on the browser extension's icon where the browser extensions are displayed at the top right of the browser. When the function runs, the chrome.tabs.create API will be used to create a new tab with the destination being the following URL: hxxps://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/

The second function of the background script is a callback routine that will be invoked whenever a window creation event for Google Chrome is triggered. When the function runs, depending on whether a particular tab is pinned or not, the chrome.tabs.create API will be used again to create a new tab with the same URL destination as before.

The third (and last) function of the background script will do the same as the first function but only once the browser extension has just been installed.


3. PAGE OVERRIDES

The browser extension overrides the Google Chrome page for when a new tab is created as previously noticed in the thread - the newpage.html document packaged with the browser extension replaces Google Chrome's default new tab page.

HTML from the document:

Code:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Kaspersky Anti-Virus FREE</title>
   
<!-- This site is optimized with the Yoast SEO plugin v11.2.1 - https://yoast.com/wordpress/plugins/seo/ -->
<meta name="description" content="Kaspersky Anti-Virus FREE is a new version of a well-known anti-virus program that now has more powerful tools, refurbished designs, better usability and better protection against threats. Online and completely free"/>
<meta name="robots" content="noindex,follow"/>
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="article" />
<meta property="og:title" content="Kaspersky Anti-Virus FREE" />
<meta property="og:description" content="Kaspersky Anti-Virus FREE is a new version of a well-known anti-virus program that now has more powerful tools, refurbished designs, better usability and better protection against threats. Online and completely free" />
<meta property="og:url" content="https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/" />
<meta property="og:site_name" content="Download Free Game PC" />
<meta property="article:section" content="Apps" />
<meta property="article:published_time" content="2019-06-02T14:11:59+04:00" />
<meta property="article:modified_time" content="2019-06-02T16:27:36+04:00" />
<meta property="og:updated_time" content="2019-06-02T16:27:36+04:00" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:description" content="Kaspersky Anti-Virus FREE is a new version of a well-known anti-virus program that now has more powerful tools, refurbished designs, better usability and better protection against threats. Online and completely free" />
<meta name="twitter:title" content="Kaspersky Anti-Virus FREE" />
<meta name="twitter:image" content="https://downloadfreexgame.com/wp-content/uploads/2019/06/anti-virus-kaspersky-free-for-windows-212.png" />
<script type='application/ld+json' class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://downloadfreexgame.com/#organization","name":"","url":"https://downloadfreexgame.com/","sameAs":[]},{"@type":"WebSite","@id":"https://downloadfreexgame.com/#website","url":"https://downloadfreexgame.com/","name":"Download Free Game PC","publisher":{"@id":"https://downloadfreexgame.com/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://downloadfreexgame.com/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"WebPage","@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#webpage","url":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/","inLanguage":"en-US","name":"Kaspersky Anti-Virus FREE","isPartOf":{"@id":"https://downloadfreexgame.com/#website"},"image":{"@type":"ImageObject","@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#primaryimage","url":"https://downloadfreexgame.com/wp-content/uploads/2019/06/anti-virus-kaspersky-free-for-windows-212.png","width":64,"height":64},"primaryImageOfPage":{"@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#primaryimage"},"datePublished":"2019-06-02T14:11:59+04:00","dateModified":"2019-06-02T16:27:36+04:00","description":"Kaspersky Anti-Virus FREE is a new version of a well-known anti-virus program that now has more powerful tools, refurbished designs, better usability and better protection against threats. Online and completely free"},{"@type":"Article","@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#article","isPartOf":{"@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#webpage"},"author":{"@id":"https://downloadfreexgame.com/author/pcgame/#author","name":"pcgame"},"publisher":{"@id":"https://downloadfreexgame.com/#organization"},"headline":"Kaspersky Anti-Virus FREE","datePublished":"2019-06-02T14:11:59+04:00","dateModified":"2019-06-02T16:27:36+04:00","commentCount":0,"mainEntityOfPage":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#webpage","image":{"@id":"https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/#primaryimage"},"articleSection":"Apps"},{"@type":"Person","@id":"https://downloadfreexgame.com/author/pcgame/#author","name":"pcgame","image":{"@type":"ImageObject","@id":"https://downloadfreexgame.com/#personlogo","url":"https://secure.gravatar.com/avatar/a8f1ebe9e36f1f54f770bd3a78e313da?s=96&d=mm&r=g","caption":"pcgame"},"sameAs":[]}]}</script>
<!-- / Yoast SEO plugin. -->
<link rel='dns-prefetch' href='//s.w.org' />
<link rel="alternate" type="application/rss+xml" title="Download Free Game PC &raquo; Kaspersky Anti-Virus FREE Comments Feed" href="https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/feed/" />
        <script type="text/javascript">
            window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/downloadfreexgame.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.2.1"}};
            !function(a,b,c){function d(a,b){var c=String.fromCharCode;l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,a),0,0);var d=k.toDataURL();l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,b),0,0);var e=k.toDataURL();return d===e}function e(a){var b;if(!l||!l.fillText)return!1;switch(l.textBaseline="top",l.font="600 32px Arial",a){case"flag":return!(b=d([55356,56826,55356,56819],[55356,56826,8203,55356,56819]))&&(b=d([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]),!b);case"emoji":return b=d([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340]),!b}return!1}function f(a){var c=b.createElement("script");c.src=a,c.defer=c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var g,h,i,j,k=b.createElement("canvas"),l=k.getContext&&k.getContext("2d");for(j=Array("flag","emoji"),c.supports={everything:!0,everythingExceptFlag:!0},i=0;i<j.length;i++)c.supports[j[i]]=e(j[i]),c.supports.everything=c.supports.everything&&c.supports[j[i]],"flag"!==j[i]&&(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&c.supports[j[i]]);c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&!c.supports.flag,c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.everything||(h=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",h,!1),a.addEventListener("load",h,!1)):(a.attachEvent("onload",h),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),g=c.source||{},g.concatemoji?f(g.concatemoji):g.wpemoji&&g.twemoji&&(f(g.twemoji),f(g.wpemoji)))}(window,document,window._wpemojiSettings);
        </script>
        <style type="text/css">
img.wp-smiley,
img.emoji {
    display: inline !important;
    border: none !important;
    box-shadow: none !important;
    height: 1em !important;
    width: 1em !important;
    margin: 0 .07em !important;
    vertical-align: -0.1em !important;
    background: none !important;
    padding: 0 !important;
}
</style>
    <link rel='stylesheet' id='dashicons-css'  href='https://downloadfreexgame.com/wp-includes/css/dashicons.min.css?ver=5.2.1' type='text/css' media='all' />
<link rel='stylesheet' id='admin-bar-css'  href='https://downloadfreexgame.com/wp-includes/css/admin-bar.min.css?ver=5.2.1' type='text/css' media='all' />
<link rel='stylesheet' id='wp-block-library-css'  href='https://downloadfreexgame.com/wp-includes/css/dist/block-library/style.min.css?ver=5.2.1' type='text/css' media='all' />
<link rel='stylesheet' id='yoast-seo-adminbar-css'  href='https://downloadfreexgame.com/wp-content/plugins/wordpress-seo/css/dist/adminbar-1121.min.css?ver=11.2.1' type='text/css' media='all' />
<script>if (document.location.protocol != "https:") {document.location = document.URL.replace(/^http:/i, "https:");}</script><link rel='https://api.w.org/' href='https://downloadfreexgame.com/wp-json/' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://downloadfreexgame.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://downloadfreexgame.com/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 5.2.1" />
<link rel='shortlink' href='https://downloadfreexgame.com/?p=212' />
<link rel="alternate" type="application/json+oembed" href="https://downloadfreexgame.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://downloadfreexgame.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F&#038;format=xml" />
<style type="text/css" media="print">#wpadminbar { display:none; }</style>
    <style type="text/css" media="screen">
    html { margin-top: 32px !important; }
    * html body { margin-top: 32px !important; }
    @media screen and ( max-width: 782px ) {
        html { margin-top: 46px !important; }
        * html body { margin-top: 46px !important; }
    }
</style>
        <!-- jquery -->
    <script src="https://code.jquery.com/jquery-3.3.1.js"></script>
    <!-- material css -->
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0-beta/css/materialize.min.css">
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0-beta/js/materialize.min.js"></script>
    <!-- google font Raleway -->
    <link href="https://fonts.googleapis.com/css?family=Raleway" rel="stylesheet">
    <link rel="stylesheet" href="https://downloadfreexgame.com/wp-content/themes/fxgame/style.css?v=1559493182" type="text/css" media="screen,projection"/>
    <!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-141233695-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'UA-141233695-1');
</script>
    </head>
<body data-rsssl=1>
    <div class="thePage">
        <header class="header clearfixed">
            <div class="container">
                <a id="trigger-menu" class="trigger-menu" href="#"><i class="material-icons">menu</i></a>
                <a class="logo" href="https://downloadfreexgame.com">Download Free Game PC</a>
                <ul id="menu" class="menu hidden-on-mobile">
                    <li class="menu-item"><a href="https://downloadfreexgame.com/"><span itemprop="name">HOME</span></a></li>
                    <li class="menu-item"><a href="/apps"><span itemprop="name">APPS</span></a></li>
                    <li class="menu-item"><a href="/games"><span itemprop="name">GAMES</span></a></li>
                </ul>
            </div>
        </header>
        <center><script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- downloadxgame-header -->
<ins class="adsbygoogle"
     style="display:inline-block;width:728px;height:90px"
     data-ad-client="ca-pub-9725475299497253"
     data-ad-slot="7841470691"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
            </script></center>
        <div class="body">
            <div class="container row nomargin">
            <div class="col s12 l8 p-list">
    <nav class="z-depth-0 zbreadcrumbs cat-frame clearfixed">  
                <div class="nav-wrapper"><div class="col s12"><a href="https://downloadfreexgame.com/" class="breadcrumb" class="home">Home</a>  <a href="https://downloadfreexgame.com/apps/" class="breadcrumb">Apps</a>  <a class="breadcrumb current">Kaspersky Anti-Virus FREE</a></div></div>         </nav>
           
            <article>
                <h2 class="p-title">
                    Kaspersky Anti-Virus FREE               </h2>
                <div class="p-meta">
                    <time datetime="1559470319">02/06/2019</time> by
                    <span><a href="#">pcgame</a></span>
                </div>
               
                <div class="p-content clearfixed">         
                    <p><div>
Kaspersky Anti-Virus is the new edition of the well-known antivirus program, now with a more powerful engine, a revamped style, better usability, and greater protection against online dangers.
</div>
<div>
<div id="review-app-page-desktop-wrapper" class="seethrough">
<div class="ad-content-wrapper">
<p class="banner__title">Advertisement</p>                                  <h4 class="title-line">Kaspersky Anti-Virus FREE</h4>                                  
                                <div class="post_image"><img src="https://images.sftcdn.net/images/t_app-cover-l,f_auto/p/9de631e4-96d2-11e6-be3c-00163ec9f5fa/3837294782/kaspersky-anti-virus-screenshot.jpg"/></div>                                  <table class="striped">
                                    <tr>
                                        <td>Compatible OS</td>
                                        <td>Windows 7,Windows 8,Windows XP,Windows 8.1,Windows 10,Windows 2000,Windows 2003</td>
                                    </tr>
                                                                            <tr>
                                            <td>License: </td>
                                            <td>Trial version</td>
                                        </tr>
                                                                            <tr>
                                            <td>OS: </td>
                                            <td>Windows Vista</td>
                                        </tr>
                                                                            <tr>
                                            <td>Downloads: </td>
                                            <td>2M</td>
                                        </tr>
                                                                            <tr>
                                            <td>Language: </td>
                                            <td>English</td>
                                        </tr>
                                                                            <tr>
                                            <td>Version: </td>
                                            <td>19.0.0.1088</td>
                                        </tr>
                                                                            <tr>
                                            <td>Developer: </td>
                                            <td>Kaspersky Lab | More Programs (52)</td>
                                        </tr>
                                                                            <tr>
                                            <td>User rating: </td>
                                            <td>8/10   (9188 votes)</td>
                                        </tr>
                                                                        <tr>
                                        <td>Languages:</td>
                                        <td>
                                            English, Portuguese, Czech, Korean, Japanese, Turkish, Portuguese, French, Danish, Spanish, German, Hindi, Swedish, Greek, Polish, Dutch, Arabic, Italian, Russian, Chinese, Chinese                                        </td>
                                    </tr>
                                    </table>
                    <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- downloadxgame-auto -->
<ins class="adsbygoogle"
     style="display:block"
     data-ad-client="ca-pub-9725475299497253"
     data-ad-slot="1052878672"
     data-ad-format="link"
     data-full-width-responsive="true"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
                                                                        <a class="btn-download" title="DownLoad" href="https://kaspersky-anti-virus.en.softonic.com/download">
                                        DownLoad                                    </a>
                                                                    <p>
<div class="ad-content">
<div id="review-app-page-desktop"></div>
</div>
</div>
</div>
<h3>Turn your computer into a fortress</h3>
Kaspersky Anti-Virus  intercepts, blocks and removes viruses, worms, trojans, spyware, keyloggers, rootkits and other types of malware.
The <b>real-time protection</b> is excellent with files, emails and Internet traffic getting filtered effectively. The program also protects against phishing by identifying and blocking links to sites that have been infected with malware.
Kaspersky Anti-Virus also includes a <b>self-defense</b> mechanism that blocks files that are acting weird, useful for preventing attacks from potential malware that hasn't yet been recognized by the database. On top of that, this new version of Kaspersky provides additional protection against <b>ransomware</b>.
In the Tools section of Kaspersky Anti-Virus , you can find some very useful system security options:
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><b>Vulnerability scan: </b>identifies flaws in the system or in any third-party apps you have installed, allowing you to immediately repair any problems;</li>
</ul>
</li>
</ul>
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><strong>Kaspersky Rescue Disk</strong>: creates a bootable CD or USB drive with the engine;</li>
</ul>
</li>
</ul>
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><strong>Windows Troubleshooting</strong>: analyzes the system and repairs any problems caused by malicious software;</li>
</ul>
</li>
</ul>
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><strong>Privacy Cleaner</strong>: cleans the system of unnecessary files (cookies, cache, log etc.);</li>
</ul>
</li>
</ul>
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><strong>Browser Configuration</strong>: analyzes your Internet Explorer settings and suggests ways to optimize security (this tool is incompatible with other browsers);</li>
</ul>
</li>
</ul>
<ul>
    <li style="list-style-type: none;">
<ul>
    <li><strong>Cloud Protection</strong>: provides immediate protection against new threats as well as real-time information about the security and reputations of the web sites you visit.</li>
</ul>
</li>
</ul>
Finally, KAV has introduced a new feature that <b>automatically updates</b> the program to the latest version available.
<h3>A new design</h3>
Kaspersky has a renewed design: this new version is dedicated to efficiency with <b>a sharper and more user-friendly interface</b>.
The main screen shows the protection status of your computer and provides easy access to the most important areas: scans, updates, reports and a virtual keyboard. Additional options can be accessed by clicking on the Show Additional Tools button.
The basic configuration of Kaspersky Anti-Virus is excellent for most users. More experienced users can personalize their configuration by going to the Settings menu (not visible in the interface).
</div>
<div>
<h3>A powerful and reliable anti-virus, but with no significant changes</h3>
Kaspersky Anti-Virus (KAV) is one of the most popular antiviruses on the market. The antivirus scanning engine is among the best available and its new design makes it even more user-friendly.
As far as new features go, there aren't really any big innovations in the last version, but the tools and options have been generally improved, along with the antivirus performance.
KAV <b>consumes less resources </b>compared to the previous edition, but it still has a long way to go in that respect. Although it is a great antivirus, it works better when used on computers with good hardware.
</div></p><div class="post_image"><img src="https://images.sftcdn.net/images/t_app-cover-l,f_auto/p/9de631e4-96d2-11e6-be3c-00163ec9f5fa/3527369271/kaspersky-anti-virus-screen-KAV-02.png"/></div>                
                   
                </div>
                <div class="p-footer">
                    <span class="entry-categories">Categories: <a href="https://downloadfreexgame.com/apps/">Apps</a>, </span>              </div>
            </article>
</div>
<div class="col s12 l4">
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- downloadxgame-auto -->
<ins class="adsbygoogle"
     style="display:block"
     data-ad-client="ca-pub-9725475299497253"
     data-ad-slot="1052878672"
     data-ad-format="auto"
     data-full-width-responsive="true"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
    <form class="frm-search" action="https://downloadfreexgame.com/">
        <input name="s" value="" placeholder="Search here.."/>
        <button><i class="material-icons">search</i></button>
    </form>
    <h2 class="recent-post-title">Recent post</h2>
    <ul class="recent-post">
        <li><a href="https://downloadfreexgame.com/2019/06/02/anti-virus-kaspersky-free-for-windows/">Kaspersky Anti-Virus FREE</a></li><li><a href="https://downloadfreexgame.com/2019/06/02/candy-crush-saga/">Candy Crush Saga</a></li><li><a href="https://downloadfreexgame.com/2019/06/02/nox-app-player-for-windows/">Nox APP Player for Windows</a></li><li><a href="https://downloadfreexgame.com/?p=204">Brave for Windows</a></li><li><a href="https://downloadfreexgame.com/2019/06/01/jiotv/">JioTV</a></li><li><a href="https://downloadfreexgame.com/2019/06/01/uc-browser/">UC Browser</a></li><li><a href="https://downloadfreexgame.com/2019/06/01/netflix-for-pc/">NetFlix for PC</a></li><li><a href="https://downloadfreexgame.com/?p=179">Similar to                                  CreeHack</a></li><li><a href="https://downloadfreexgame.com/?p=176">Cookpad - Recipe Sharing for iPhone</a></li><li><a href="https://downloadfreexgame.com/2019/05/31/mozilla-firefox/">Mozilla Firefox</a></li>       
    </ul>
</div>          </div>
        </div>
        <footer>
            <center>
                <p>Copyright © 2018 | Download Free Game PC !</p>
            </center>
        </footer>
    </div>
    <script>
        jQuery(function(){
            jQuery('#trigger-menu').click(function(){
                var $menu = jQuery("#menu");
                if($menu.hasClass('hidden-on-mobile')){
                    $menu.removeClass('hidden-on-mobile');
                }else{
                    $menu.addClass('hidden-on-mobile');
                }
            });
        });
    </script>
    <script type='text/javascript' src='https://downloadfreexgame.com/wp-includes/js/admin-bar.min.js?ver=5.2.1'></script>
<script type='text/javascript' src='https://downloadfreexgame.com/wp-includes/js/wp-embed.min.js?ver=5.2.1'></script>
    <!--[if lte IE 8]>
        <script type="text/javascript">
            document.body.className = document.body.className.replace( /(^|\s)(no-)?customize-support(?=\s|$)/, '' ) + ' no-customize-support';
        </script>
    <![endif]-->
    <!--[if gte IE 9]><!-->
        <script type="text/javascript">
            (function() {
                var request, b = document.body, c = 'className', cs = 'customize-support', rcs = new RegExp('(^|\\s+)(no-)?'+cs+'(\\s+|$)');
                        request = true;
       
                b[c] = b[c].replace( rcs, ' ' );
                // The customizer requires postMessage and CORS (if the site is cross domain)
                b[c] += ( window.postMessage && request ? ' ' : ' no-' ) + cs;
            }());
        </script>
    <!--<![endif]-->
            <div id="wpadminbar" class="nojq nojs">
                            <a class="screen-reader-shortcut" href="#wp-toolbar" tabindex="1">Skip to toolbar</a>
                        <div class="quicklinks" id="wp-toolbar" role="navigation" aria-label="Toolbar">
                <ul id='wp-admin-bar-root-default' class="ab-top-menu"><li id='wp-admin-bar-wp-logo' class="menupop"><a class='ab-item' aria-haspopup="true" href='https://downloadfreexgame.com/wp-admin/about.php'><span class="ab-icon"></span><span class="screen-reader-text">About WordPress</span></a><div class="ab-sub-wrapper"><ul id='wp-admin-bar-wp-logo-default' class="ab-submenu"><li id='wp-admin-bar-about'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/about.php'>About WordPress</a></li></ul><ul id='wp-admin-bar-wp-logo-external' class="ab-sub-secondary ab-submenu"><li id='wp-admin-bar-wporg'><a class='ab-item' href='https://wordpress.org/'>WordPress.org</a></li><li id='wp-admin-bar-documentation'><a class='ab-item' href='https://codex.wordpress.org/'>Documentation</a></li><li id='wp-admin-bar-support-forums'><a class='ab-item' href='https://wordpress.org/support/'>Support</a></li><li id='wp-admin-bar-feedback'><a class='ab-item' href='https://wordpress.org/support/forum/requests-and-feedback'>Feedback</a></li></ul></div></li><li id='wp-admin-bar-site-name' class="menupop"><a class='ab-item' aria-haspopup="true" href='https://downloadfreexgame.com/wp-admin/'>Download Free Game PC</a><div class="ab-sub-wrapper"><ul id='wp-admin-bar-site-name-default' class="ab-submenu"><li id='wp-admin-bar-dashboard'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/'>Dashboard</a></li></ul><ul id='wp-admin-bar-appearance' class="ab-submenu"><li id='wp-admin-bar-themes'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/themes.php'>Themes</a></li><li id='wp-admin-bar-menus'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/nav-menus.php'>Menus</a></li></ul></div></li><li id='wp-admin-bar-customize' class="hide-if-no-customize"><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/customize.php?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F'>Customize</a></li><li id='wp-admin-bar-updates'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/update-core.php' title='2 Plugin Updates'><span class="ab-icon"></span><span class="ab-label">2</span><span class="screen-reader-text">2 Plugin Updates</span></a></li><li id='wp-admin-bar-comments'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/edit-comments.php'><span class="ab-icon"></span><span class="ab-label awaiting-mod pending-count count-0" aria-hidden="true">0</span><span class="screen-reader-text comments-in-moderation-text">0 Comments in moderation</span></a></li><li id='wp-admin-bar-new-content' class="menupop"><a class='ab-item' aria-haspopup="true" href='https://downloadfreexgame.com/wp-admin/post-new.php'><span class="ab-icon"></span><span class="ab-label">New</span></a><div class="ab-sub-wrapper"><ul id='wp-admin-bar-new-content-default' class="ab-submenu"><li id='wp-admin-bar-new-post'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/post-new.php'>Post</a></li><li id='wp-admin-bar-new-media'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/media-new.php'>Media</a></li><li id='wp-admin-bar-new-page'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/post-new.php?post_type=page'>Page</a></li><li id='wp-admin-bar-new-user'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/user-new.php'>User</a></li></ul></div></li><li id='wp-admin-bar-edit'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/post.php?post=212&#038;action=edit'>Edit Post</a></li><li id='wp-admin-bar-wpseo-menu' class="menupop"><a class='ab-item' aria-haspopup="true" href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_dashboard'><div id="yoast-ab-icon" class="ab-item yoast-logo svg"><span class="screen-reader-text">SEO</span></div><div class="wpseo-score-icon adminbar-seo-score na"><span class="adminbar-seo-score-text screen-reader-text">SEO score: Not available</span></div></a><div class="ab-sub-wrapper"><ul id='wp-admin-bar-wpseo-menu-default' class="ab-submenu"><li id='wp-admin-bar-wpseo-configuration-wizard'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_configurator'>Configuration Wizard</a></li><li id='wp-admin-bar-wpseo-kwresearch' class="menupop"><div class="ab-item ab-empty-item" tabindex="0" aria-haspopup="true"><span class="wp-admin-bar-arrow" aria-hidden="true"></span>Keyword Research</div><div class="ab-sub-wrapper"><ul id='wp-admin-bar-wpseo-kwresearch-default' class="ab-submenu"><li id='wp-admin-bar-wpseo-kwresearchtraining'><a class='ab-item' href='https://yoa.st/wp-admin-bar?php_version=7.1&#038;platform=wordpress&#038;platform_version=5.2.1&#038;software=free&#038;software_version=11.2.1&#038;days_active=6-30' target='_blank'>Keyword research training</a></li><li id='wp-admin-bar-wpseo-adwordsexternal'><a class='ab-item' href='https://yoa.st/keywordplanner' target='_blank'>Google Ads</a></li><li id='wp-admin-bar-wpseo-googleinsights'><a class='ab-item' href='https://yoa.st/google-trends' target='_blank'>Google Trends</a></li></ul></div></li><li id='wp-admin-bar-wpseo-analysis' class="menupop"><div class="ab-item ab-empty-item" tabindex="0" aria-haspopup="true"><span class="wp-admin-bar-arrow" aria-hidden="true"></span>Analyze this page</div><div class="ab-sub-wrapper"><ul id='wp-admin-bar-wpseo-analysis-default' class="ab-submenu"><li id='wp-admin-bar-wpseo-inlinks'><a class='ab-item' href='https://search.google.com/search-console/links/drilldown?resource_id=https%3A%2F%2Fdownloadfreexgame.com&#038;type=EXTERNAL&#038;target=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F&#038;domain=' target='_blank'>Check links to this URL</a></li><li id='wp-admin-bar-wpseo-kwdensity'><a class='ab-item' href='http://www.zippy.co.uk/keyworddensity/index.php?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F&#038;keyword=' target='_blank'>Check Keyphrase Density</a></li><li id='wp-admin-bar-wpseo-cache'><a class='ab-item' href='//webcache.googleusercontent.com/search?strip=1&#038;q=cache:https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Check Google Cache</a></li><li id='wp-admin-bar-wpseo-header'><a class='ab-item' href='//quixapp.com/headers/?r=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Check Headers</a></li><li id='wp-admin-bar-wpseo-structureddata'><a class='ab-item' href='https://search.google.com/structured-data/testing-tool#url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Google Structured Data Test</a></li><li id='wp-admin-bar-wpseo-facebookdebug'><a class='ab-item' href='//developers.facebook.com/tools/debug/og/object?q=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Facebook Debugger</a></li><li id='wp-admin-bar-wpseo-pinterestvalidator'><a class='ab-item' href='https://developers.pinterest.com/tools/url-debugger/?link=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Pinterest Rich Pins Validator</a></li><li id='wp-admin-bar-wpseo-htmlvalidation'><a class='ab-item' href='//validator.w3.org/check?uri=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>HTML Validator</a></li><li id='wp-admin-bar-wpseo-cssvalidation'><a class='ab-item' href='//jigsaw.w3.org/css-validator/validator?uri=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>CSS Validator</a></li><li id='wp-admin-bar-wpseo-pagespeed'><a class='ab-item' href='//developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Google Page Speed Test</a></li><li id='wp-admin-bar-wpseo-google-mobile-friendly'><a class='ab-item' href='https://www.google.com/webmasters/tools/mobile-friendly/?url=https%3A%2F%2Fdownloadfreexgame.com%2F2019%2F06%2F02%2Fanti-virus-kaspersky-free-for-windows%2F' target='_blank'>Mobile-Friendly Test</a></li></ul></div></li><li id='wp-admin-bar-wpseo-settings' class="menupop"><div class="ab-item ab-empty-item" tabindex="0" aria-haspopup="true"><span class="wp-admin-bar-arrow" aria-hidden="true"></span>SEO Settings</div><div class="ab-sub-wrapper"><ul id='wp-admin-bar-wpseo-settings-default' class="ab-submenu"><li id='wp-admin-bar-wpseo-general'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_dashboard'>General</a></li><li id='wp-admin-bar-wpseo-titles'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_titles'>Search Appearance</a></li><li id='wp-admin-bar-wpseo-search-console'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_search_console'>Search Console</a></li><li id='wp-admin-bar-wpseo-social'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_social'>Social</a></li><li id='wp-admin-bar-wpseo-tools'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_tools'>Tools</a></li><li id='wp-admin-bar-wpseo-licenses'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_licenses'>Premium</a></li><li id='wp-admin-bar-wpseo-courses'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/admin.php?page=wpseo_courses'>Courses</a></li></ul></div></li></ul></div></li></ul><ul id='wp-admin-bar-top-secondary' class="ab-top-secondary ab-top-menu"><li id='wp-admin-bar-search' class="admin-bar-search"><div class="ab-item ab-empty-item" tabindex="-1"><form action="https://downloadfreexgame.com/" method="get" id="adminbarsearch"><input class="adminbar-input" name="s" id="adminbar-search" type="text" value="" maxlength="150" /><label for="adminbar-search" class="screen-reader-text">Search</label><input type="submit" class="adminbar-button" value="Search"/></form></div></li><li id='wp-admin-bar-my-account' class="menupop with-avatar"><a class='ab-item' aria-haspopup="true" href='https://downloadfreexgame.com/wp-admin/profile.php'>Howdy, <span class="display-name">pcgame</span><img alt='' src='https://secure.gravatar.com/avatar/a8f1ebe9e36f1f54f770bd3a78e313da?s=26&#038;d=mm&#038;r=g' srcset='https://secure.gravatar.com/avatar/a8f1ebe9e36f1f54f770bd3a78e313da?s=52&#038;d=mm&#038;r=g 2x' class='avatar avatar-26 photo' height='26' width='26' /></a><div class="ab-sub-wrapper"><ul id='wp-admin-bar-user-actions' class="ab-submenu"><li id='wp-admin-bar-user-info'><a class='ab-item' tabindex="-1" href='https://downloadfreexgame.com/wp-admin/profile.php'><img alt='' src='https://secure.gravatar.com/avatar/a8f1ebe9e36f1f54f770bd3a78e313da?s=64&#038;d=mm&#038;r=g' srcset='https://secure.gravatar.com/avatar/a8f1ebe9e36f1f54f770bd3a78e313da?s=128&#038;d=mm&#038;r=g 2x' class='avatar avatar-64 photo' height='64' width='64' /><span class='display-name'>pcgame</span></a></li><li id='wp-admin-bar-edit-profile'><a class='ab-item' href='https://downloadfreexgame.com/wp-admin/profile.php'>Edit My Profile</a></li><li id='wp-admin-bar-logout'><a class='ab-item' href='https://downloadfreexgame.com/wp-login.php?action=logout&#038;_wpnonce=58e5abed3d'>Log Out</a></li></ul></div></li></ul>            </div>
                        <a class="screen-reader-shortcut" href="https://downloadfreexgame.com/wp-login.php?action=logout&#038;_wpnonce=58e5abed3d">Log Out</a>
                    </div>
        </body>
</html>


4. REFERENCES

[1] - AUTOUPDATING


"Every few hours, the browser checks whether any installed extensions or apps have an update URL. For each one, it makes a request to that URL looking for an update manifest XML file. If the update manifest mentions a version that is more recent than what's installed, the browser downloads and installs the new version. As with manual updates, the new .crx file must be signed with the same private key as the currently installed version."



[2] - MANIFEST VERSION

"Developers should specify which version of the manifest specification their package targets by setting a manifest_version key in their manifests."



[3] - OVERRIDE PAGES

"Override pages are a way to substitute an HTML file from your extension for a page that Google Chrome normally provides. In addition to HTML, an override page usually has CSS and JavaScript code."


[4] - CHROME.TABS


[5] - CHROME.WINDOWS


[6] - CHROME.RUNTIME

 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I am curious why such stupid extensions are not checked properly by Google?
They probably think that 5$ developer signup fee (for up to 20 extensions) is not enough to bother with checking.:(
@Opcode, did they pay you anything or said: "Thank you"?
 
4

436880927

Thread author
Did this malicious developer had any other released extensions etc?
It's possible - they could have used different accounts under different names and targeted different products to masquerade as. Last time I went on a big hunt for rogue AV extensions, almost all of the cases were too alike to have been coincidental, so my guess was it was the same person behind most or all of them (I'm referring to the internals of the rogue browser extensions as well as how they were presented on the Chrome Web Store).

I've started routinely doing searches under well-known AV brands so I can try and catch them early-on before innocent users fall victim to them but for now it seems Kaspersky is in the clear.

The Chrome Web Store is not designed very well when it comes to monitoring who uploads what because Google doesn't allow you to see account connections based on factors like IP address (for active accounts on the Chrome Web Store - if they did this, it'd be troublesome though given some people will be using VPNs or proxies) and they do not even allow you to overview the uploads for a particular user.

On the Chrome Web Store, anyone can claim the extension is "offered by" anyone it seems - countless times I see bogus "offered by" on extensions where the claim is untrue. Furthermore, there might be an issue of modifying the information post-vetting requirements having been met (as well as the extension).
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top