Comments (15)
Hey guys! Fun fact. When your extension gets taken down due to a bullshit DMCA notice, it's possible for others to somehow push updates.
I am in contact with Google and will be putting up an official press release tonight. This is absolutely maddening and I'm so sorry guys.
from chrometana.
Update has been shipped. I'm closing this for now, but please don't hesitate to contact me with anything at all
from chrometana.
I can confirm. Either the author of the extension sold out his users, or his Google account was compromised.
Report the extension here if you have experienced this issue: https://chrome.google.com/webstore/report/kaicbfmipfpfpjmlbpejaoaflfdnabnc?utm_source=chrome-remove-extension-dialog
The script being injected is alert10.js in the extension root folder. I assume it's just a drop-in.
The code does not seem to have been uploaded to github.
from chrometana.
Thanks! Oh, and by the way, EdgeDeflector allows us to use Chrome with Cortana, so the extension has a purpose again. Yay!
from chrometana.
Update shipping soon
http://chrometana.theo.li/2017/06/google-account-compromised-malware-shipped-chrometana-1-1-3/
from chrometana.
The problem is that Google has literally no customer support , other than specialized departments like the Pixel. I once had someone already have a Google account with my email and nobody could help me get it removed.
from chrometana.
Here's the entire extension source as it exists on the Web Store as of this writing.
I looked at the manifest file. It looks like it may contain a workaround to prevent Google from automatically catching it.
"content_scripts": [ {
"js": [ "alert10.js" ],
"matches": [ "\u003Call_urls>" ],
"run_at": "document_start"
} ],
I assume \u003C
is the unicode code for <
which ultimately makes a match string of "<all_urls>"
which causes this script to be injected into every page you visit.
I do lots of JS coding for a living so I figured my own analysis of the script might be useful.
First of all, it looks like most of the file from the start is an md5 JS library that was dropped in, including comments and code that is for Internet Explorer specifically. However it appears to not be used at all. Maybe it was included so if someone opened the file in Chrome's Dev Tools or a text editor they would not see anything interesting happening right away?
Line 193 appears to be where the author's code starts. When I break it down it appears to do the following:
- Check the current page to see if it's a "keeper" page (I think this is a page on the site the user is ultimately redirected to).
- Use a cookie called "_alert" to track the last time we showed a popup to the user. Only if it has been more than 10 seconds AND the current page is not a "keeper" page do we show a new alert.
- Show a yes/no popup dialog with the message "Your computer is infected. You have to check it with antivirus.". However, show it in the user's native language if the user's language is Spanish, Italian, French, Portuguese, German, Russian, or Greek.
- If the user clicks yes, redirect the current page to http : // chromeupdates . top / tds . php ? subid = ce Otherwise redirect the page to https : // chromeupdates . top / s . html (I DO NOT RECOMMEND VISITING THESE PAGES I DON'T KNOW WHAT IS ON THEM)
from chrometana.
@The-MAZZTer can you gist alert10.js
so we can take a look @ it?
from chrometana.
Damn. It's scary to see something so trusted turn into this
from chrometana.
Confirmed, happens here too.
Chrometana version 1.1.3 via Download Chrome Extension on Opera 45.
from chrometana.
I will mention that this is the exact same thing that happened to Infinity New Tab, complete with the same wording, a month or two ago, so it's probably a compromised account.
from chrometana.
Google is not responsive and I have no idea how any of this happened. I'm shipping an update momentarily. If anyone has advice on how to get ahold of Google and fix/prevent garbage like this please let me know
from chrometana.
I'll be running the necessary test to hopefully insure that my PC is clean, however could we get a statement about the malwares' effect on end users who may not be able to read the code?
from chrometana.
@MissPotato , the "malware" included was a small javascript pop-up. That pop-up could bring you to a website with worse viruses.
If you did not download anything from a suspicious webpage, you're fine.
from chrometana.
@theobr , thanks for the statement! I tend to avoid downloading things from sites I don't use.
from chrometana.
Related Issues (20)
- Compromised Again HOT 3
- Replace Logo HOT 5
- Comply with "Updates to Chrome Web Store Policy" HOT 2
- Broken HTML in additional settings HOT 1
- "open example.com" command not working HOT 2
- Not On Webstore HOT 2
- "Does not work or provide any functionality upon installation" - Google HOT 5
- Radio toggles in "Additional Settings" can have multiple checked at once HOT 3
- Chrometana isn't really broken... HOT 2
- Additional Settings don't save HOT 4
- Port to Microsoft Edge? HOT 1
- Doesn't work anymore on Windows build 17134.285 HOT 1
- Page Not Found after searching on Bing
- Anyway to set this up for opera? HOT 1
- Port to Typescript HOT 1
- Update stale deps HOT 3
- Difference between this and Chrometana Pro?
- Blog 404?
- Cannot Set Custom Search Engine
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chrometana.