A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.
https://www.notebookcheck.net/Massive-criminal-surveillance-campaign-of-malicious-Google-Chrome-extensions-stole-data-from-over-32-million-users-do-you-have-these-installed.476943.0.html
If Awake can post simple plain text name of these chrome extension, it might be more user friendly.
Well, even though I don't use Chrome for eons already, I am still interested in whether these plugin are cross platform, and whether these threat actor also tried to penetrate via other browser.
Lets hope Google might try to improve privacy on Chrome in near future, unlikely, but one can hope.
That is the ugliest formatting I have seen in a while, eve a Pastebin would have looked better.
Nice 'list', 28,000 words with no formatting.
List? Do you mean "WORD"?
That list is unreadable.
I saved the file as a text file with a CSV extension and opened it with Excel to get a table. Not sure if I can post it here but it worked.
It's a TSV file (tabulator separated values). Just open a spreadsheet editor and import it.
Resumed list:
- doc to pdf
- search manager (switch bing, yahoo, google)
- quick mail
- view PDF
Control A to copy the list then open a Google Sheet (probably work in Excel Also), then click into the top left cell. Right click and Select Paste Special, then Select Paste Values Only
This will paste it neatly into Rows and Columns in Sheets and make it very readable.
What extensions need is url level permissions and cookie permissions. So you can control which urls each extension can communicate with or which url it can set cookies for.
It's ironic that the origin of these malware-ridden extensions is the same country that produces the Intel chips with security 'vulnerabilities' in them. The names of the extensions are as follows:
name_slug
securify-for-chrome
browse-safer
search-manager
doctopdf
easyconvertdefault-search
easyconvert
bytefence-secure-browsing
browsing-protector
secure-web-searching
easyconvert
viewpdf
viewpdf
quickmail
search-manager
search-manager
bytefence-secure-browsing
search-manager
secured-search-extension
search-manager
thedocpdfconverter
search-manager
search-manager
viewpdf
search-manager
viewpdf
viewpdf
gofiletopdf
doctopdf
doctopdf
doctopdf
viewpdf
bytefence-secure-browsing
search-manager
browsing-safety-checker
viewpdf
search-manager
pdf-opener
search-manager
viewpdf
easyconvert
securify-for-chrome
doctopdf
search-manager
pdf-opener
search-manager
doctopdf
search-manager
pdf-opener
thedocpdfconverter
doctopdf
pdf-opener
search-manager
ttab
mydocstopdf
doctopdf
thedocpdfconverter
easyconvert
pdf-opener
theeasywaypro
viewpdf
viewpdf
viewpdf
viewpdf
search-manager
search-by-convertfilenow
quicklogin
pdf-opener
easyconvert
easyconvert
mydocstopdf
doctopdf
easyconvert
mydocstopdf
pdf-ninja-converter
pdf2doc
thesecuredweb-protected-b
easyconvert
search-by-convertpdfpro
convertwordtopdf
"malicious domain registrar, GalComm"
Were they the malicious actor, or did someone else register the domains through them?