chrome-webstore-extension icon indicating copy to clipboard operation
chrome-webstore-extension copied to clipboard

Published 20 hours ago verified publisher icon operasoftware

Security issue: Can't detect malware extension

Open jinxx0 opened this issue 5 years ago • 2 comments

If the malware extension is removed in Chrome, opera cannot detect it. On October 18, the extension "Nano Adblock & Nano Defender" collected all cookies from Instagram and hacked 100K accounts

jinxx0 avatar Oct 20 '20 16:10 jinxx0

This happened to me with "User Agent Switcher". I'm not exactly sure how this extension works, but it looks like it may have installed one of the new, infected versions of the extension without informing me or updating the version string:

Screen Shot 2021-03-23 at 2 52 15 PM

Supposedly version 1.8.6.3 is not an infected version, but then when I look at the actual source code I can see that it opens up a socket to useragentswitch.com. This gives an attacker a full C&C access to my browser as described here: https://github.com/partridge-tech/chris-blog/blob/main/_content/2020/extensions-the-next-generation-of-malware/user-agent-switcher.md

alexweissman avatar Mar 23 '21 18:03 alexweissman

Yes, ICE was updating extensions in the background so that users would not stay on the old version.

krystian3w avatar Jun 29 '23 06:06 krystian3w