
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs


The extensions share other dubious or suspicious similarities. Much of the code in each one is heavily obfuscated, a design choice that provides no benefit other than complicating the process of analyzing and understanding how it behaves.

Almost all of them are unlisted in the Chrome Web Store. This designation makes an extension visible only to users who have the long pseudorandom string in the extension URL, and thus, they do not appear in the Web Store or in search engine results. It is unclear how these 35 unlisted extensions collectively acquired 4 million installations, or on average about 114,000 installations per extension, when they were so difficult to find.

In addition, 10 of them have been stamped with the “Featured” designation, which Google reserves for developers whose identities have been verified and who “follow our technical best practices and meet a high standard of user experience and design.”

One example is the extension Fire Shield Extension Protection, which, ironically, purports to check Chrome installations for the presence of any suspicious or malicious extensions. One of its key JavaScript files references several questionable domains, where the extension can upload data and download instructions and code.

Figure: URLs that Fire Shield Extension Protection references in its code. Credit: Secure Annex

One domain in particular, know.com, appears in the remaining 34 apps.

Tuckner tried to analyze what the extensions did on the site, but he was largely thwarted by the obfuscated code and by other steps the developer took to hide their behavior. When the researcher, for example, ran the Fire Shield extension on a lab device, it opened a blank web page. Clicking on the icon of an installed extension usually provides an option menu, but Fire Shield displayed nothing when he did so. Tuckner then fired up the background service worker in the Chrome developer tools to look for clues about what was happening. He soon realized that the extension connected to a URL at FireSildat.com and performed some action under the generic category “browser_action_clicked”. He tried to trigger additional events but came up empty-handed.
