This repository has been archived by the owner on Mar 22, 2023. It is now read-only.

Extension pulled from Web Store (suspected for Malware?) #225

Open
michaelsmoody opened this issue Mar 5, 2020 · 10 comments

Comments

@michaelsmoody

Whitelist Manager

This extension contains malware.

This is as of March 5th 2020.

@michaelsmoody
Author

I should have been more clear: the above are messages in Chrome.

@johna89

johna89 commented Mar 14, 2020

Got the same message for version 2.5.0, which was updated last July I believe. To my untrained eye I have not noticed anything abnormal, assuming the extension was compromised back in July.

No browser redirects, no ad injections, no suspicious login attempts, and BitDefender did not pick up anything. Anyone with the know-how that can shed light on what exactly was malicious with version 2.5.0?

@michaelsmoody
Author

I could find absolutely nothing whatsoever, nor was I able to force it. I've had to switch to https://blocksite.co/ in Whitelist mode. Unfortunately, it doesn't seem to sync the settings between browsers, like this, but barring pulling this down, building it, signing it, and uploading it to the Webstore myself, I don't see an alternative.

@michaelsmoody
Author

I sent Mr. Perez Alvarez an email in case he hasn't seen this yet.

@unindented
Owner

Sorry, I hadn't seen this.

I sold the extension some months ago to a company that said they wanted to add new features (people were using it but were not donating, and I didn't have free time to maintain it any more, so I ended up selling). I guess the company's intention wasn't to develop it, but to add spyware/malware.

I could build from source and submit the extension under a new name, but I would still have the problem of lack of time and lack of incentive to do so.

@unindented
Owner

Everybody feel free to fork the extension and submit it under your name. As long as you respect the terms of the license, I'm cool with it.

@MerkaST

MerkaST commented Mar 16, 2020

@unindented Thank you for the information. Can't blame you for selling the extension in good faith, but it would have been nice to somehow inform users that this sale happened, as this kind of stuff happening afterwards is unfortunately all too common. I've always had this extension enabled in the background since I trusted it (being open source and all), so if they did any malicious information gathering or worse between the sale and now being blocked by Google, I wouldn't even have known (and, in fact, I don't, so unfortunately I have to assume they did). For a somewhat privacy-minded user, this is extremely worrying. Please keep this in mind if you ever find yourself in a similar position again.

@sarangak

sarangak commented Jun 1, 2020

I just discovered this extension on the Chrome Web Store and assumed it was safe. Now I'm concerned that someone else can inject malicious or tracking code into it without us knowing. I forked this repo and went through the process of submitting a new extension to the Chrome Store that I intend to maintain and keep open source.

Unfortunately, due to the broad permissions this extension requires, the app review process may take several weeks. I will update this issue when it passes review.

Thanks to the great work of the author it was really easy to package the extension and submit it!

@sarangak

sarangak commented Jun 5, 2020

Update: This is now published on the Chrome Web Store. I rebranded slightly to avoid any potential legal issues, since the code is open-source but someone may have rights to the name.
https://chrome.google.com/webstore/detail/yam-allowlist-manager/aeepebmcdnjkjobnhfagojgfonkappej

Feel free to create issues or submit pull requests to the new repo:
https://github.com/sarangak/yam-allowlist-manager

@acantuta

What did the attacker have access to? What could the attacker have done? Could you help guide us on what we should do in this case?
