This is the most large-scale group of malicious extensions in my experience. It includes 295 extensions with a total of 80 million users, if we're to believe Chrome Web Store data. This group is especially curious because of the measures they take to conceal their actions. Note that fake ad blockers are just a small part of this group. It consists of all kinds of extensions, but the biggest part is all kinds of "wallpaper" extensions. Also, I am sure there are actually more extensions like this, and the CWS team will be able to find them all.

They are perfect specimens to illustrate the 'botnet' thesis as well - they don't become malicious right away but only after receiving a signal from a remote server. Every such extension loads a seemingly harmless script with 'analytics' from. The snag is, just you wait a couple days and this script will 'evolve' a bit. You don't want to see your browser extensions do that.

Keep in mind, it will only transform for you personally - any other person will see the same old harmless script. The thing is, the malefactor's server tracks your browser's cookies and only inserts malicious code for users it can recognize. But don't you decide that these are measures to hide a spooky script; I've got more for you. The part of the code that was injected into the pseudo-analytics script does a very simple thing: it adds an obfuscated script into every freshly opened tab. I troubled myself with preparing a decrypted version.
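A defender-side check for the behaviour described above, where the remote 'analytics' script changes after a few days and only for clients whose cookies the server recognizes. This is an added example, not code from the original post; the URLs, cookie-profile labels and script bodies are constructed sample data, and `findCloaking` is a hypothetical helper name.

```javascript
// Added example (constructed data below). FNV-1a 32-bit, non-cryptographic,
// used only to compare script bodies.
function fingerprint(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}
// observations: [{ url, profile, day, body }], one per fetch of a remote script.
// profile labels the cookie jar used: a clean one vs. one kept across days.
function findCloaking(observations) {
  const byUrl = new Map();
  for (const o of observations) {
    if (!byUrl.has(o.url)) byUrl.set(o.url, []);
    byUrl.get(o.url).push({ ...o, fp: fingerprint(o.body) });
  }
  const findings = [];
  for (const [url, obs] of byUrl) {
    // 1. Same day, fetches disagree on the body: content depends on who asks.
    const days = new Map();
    for (const o of obs) {
      if (!days.has(o.day)) days.set(o.day, new Set());
      days.get(o.day).add(o.fp);
    }
    for (const [day, fps] of days)
      if (fps.size > 1) findings.push({ url, kind: "per-client", day });
    // 2. Same cookie jar, body differs from first sighting: delayed change.
    const first = new Map();
    for (const o of [...obs].sort((a, b) => a.day - b.day)) {
      if (!first.has(o.profile)) first.set(o.profile, o.fp);
      else if (first.get(o.profile) !== o.fp)
        findings.push({ url, kind: "changed-over-time", profile: o.profile, day: o.day });
    }
  }
  return findings;
}

const A = "https://analytics.example/a.js", B = "https://cdn.example/lib.js";
const SAMPLE = [
  { url: A, profile: "fresh", day: 0, body: "track('pageview')" },
  { url: A, profile: "aged", day: 0, body: "track('pageview')" },
  { url: A, profile: "fresh", day: 3, body: "track('pageview')" },
  { url: A, profile: "aged", day: 3, body: "track('pageview');loadMore()" },
  { url: B, profile: "fresh", day: 0, body: "lib()" },
  { url: B, profile: "aged", day: 3, body: "lib()" },
];
console.log(findCloaking(SAMPLE));
```

A single fetch from a clean profile would report nothing here, which is why the comparison needs both a long-lived cookie jar and repeated sampling over several days.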