Apparently, Google just changed their Web Store policy to forbid misleading marketing. Let's report this then...

infosec.exchange/@WPalant/1020

Found two more extensions being marketed in this way. One is called "Bild vergrößern", the other "Wiki-Infos." Supposedly, different publishers for all of them. All have been reported to Google.

Show thread

Wow, Mozilla compiled a list with 93 extensions being spread here. Also, they found them executing remote code - I guess that I wasn't thorough enough. New blocklist entry incoming...

Show thread

Looking more into this, I'm confused. Either I am missing something or Mozilla's Andreas Wagner jumped the shark claiming remote code execution here. These extensions certainly have a bunch of security issues, but code execution cannot be triggered by extension developers.

Show thread

The code might rather execute (in the context of a website, not the extension) if a Wikipedia/Twitter link is hovered. Plus, the code would not be loading from a source that the developers control but rather Wikipedia/Twitter APIs. So rather tricky to exploit.

Show thread
Follow

Whoever is running this campaign noticed their extensions being blocklisted, the site will no longer redirect Firefox users - it looks like an actual quiz then. Chrome users are still being redirected to the site tricking them into installing extensions.

· · Web · 1 · 0 · 2

And now the campaign seems to be down for all browsers, no more redirecting. I guess that they try to avoid their Chrome extensions being taken down as well.

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.