![]() So this is a decoy, the server will serve the actual malicious instructions at some point in the future. This code clearly isn’t meant to run on, a website without any pages. The mask field specifies which websites the code should run on. Given the code in js/options.js, this data makes no sense. They use this access to run a content script on all websites, with code like this: The extension “2048 Classic Game” and similar ones request access to all websites. I’m counting at least 50 more extension in this cluster without obvious malicious functionality, including three casual games. The 34 malicious extensions Google removed recently belonged to this cluster. ![]() This isn’t the only large cluster in Chrome Web Store however, there is at least one more. This article already lists several casual games among other extensions. ![]() Last week, I’ve written about a cluster of browser extensions that would systematically request excessive permissions, typically paired with attempts to make it look like these permissions are actually required. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |