Browser extensions are cross-platform
That's the thing: a browser extension that does not use native operating system executables at all and simply runs in the browser should be as OS-agnostic as a Flash game. If I had a machine stolen and didn't know what OS the thieves had installed but could push a program to it by a known IP address, that's exactly how I would do it. A browser extension that keylogs passphrases entered into websites, for instance, is a monetizable cross-platform attack that could target not only your online accounts but your bank accounts too if you ever bank online! Also, for that malicious login don't forget plain old phishing, man-in-the-middle attacks on Wi-Fi access points (even with WPS if a weak passphrase is used), all the usual stuff.
Originally Posted by Mat2
My computer has not been stolen and hasn't been used by anyone except me. These are the extensions that I currently use in Google Chrome:
- "Top Stories" Section Remover
- Adblock for Youtube™
- Adblock Plus
- Better History
- Google Apps Script
- Google Docs
- Google Drawings
- Google Voice (by Google)
- Google+ Notifications
- High Contrast
- Image Properties Context Menu
- KnowURL: Expand tiny short links
- NetBeans Connector
- NotScripts (like NoScript for Firefox but in Google Chrome)
- Password Peek
- Personal Blocklist (by Google)
- Plus Minus (For showing/hiding anyone/group in the main stream, but does not work with new Google+ and still worked on by developer)
- Radium (EPUB reader for Chrome)
- Responsive Web Design Tester (for testing to see if a website will fit well with a mobile device)
- Scientific Calculator
- Secure Shell
- Take me to my Youtube™ Subscriptions (Automatically redirects you to Uploads only of your subscriptions.)
- User-Agent Switcher for Chrome
And that's about it. I don't think any of the extensions would trigger adcash.com to open up a malicious site, so I'm out of ideas now. Well, at least I did not see any tabs showing up with porn/malicious site today while surfing the Internet.
Is anyone else seeing Adcash while using Phoronix?
If this shows up surfing Phoronix from a live disk, the problem is at Phoronix or at an adserver used by Phoronix. If this is so, a lot of users should see it, at least in a single geographic area using the same browser.
Originally Posted by GraysonPeddie
If only one user sees this and it does not reappear when using a live disk, but DOES reappear on the main OS, then the problem is on that computer. If the problem does not reappear at all, diagnosis after the fact is quite beyond me.
I cannot evaluate the listed extensions as I do not have Chrome installed due to distrust of Google. It's a lot of extensions overall; you might do a Startpage search checking each extension one at a time to see if any malicious updates have been reported. There have been several cases in Firefox where an originally safe extension was subsequently monetized by the addition of adware to it, waiting for users to update to the malicious versions. Also, is it possible in Chrome for the author of a malicious extension to hide it from being listed?
If you don't want to use adblocking extensions or want to whitelist sites for other adservers, you might want to 127.0.0.1 out adcash.com in your /etc/hosts file to prevent ever connecting to them again.
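The hosts-file block suggested above, as an added example that is not part of the original thread: a small shell helper that appends `127.0.0.1` entries only when a name is not already null-routed. The function names and the `www.adcash.com` entry in the usage comment are assumptions for illustration; hosts entries match exact hostnames only, so each subdomain needs its own line.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently null-route hostnames
# in a hosts-format file. Run as root against /etc/hosts, or against a
# scratch copy to try it out.
# Usage (hypothetical names): ./blockhost.sh /etc/hosts adcash.com www.adcash.com

# is_blocked FILE NAME
# Exit 0 if NAME already maps to a loopback/null address on a
# non-comment line of FILE, exit 1 otherwise.
is_blocked() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        $1 == "127.0.0.1" || $1 == "0.0.0.0" || $1 == "::1" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# block_host FILE NAME...
# Append "127.0.0.1 NAME" for every NAME that is not blocked yet.
block_host() {
    file=$1
    shift
    # If the file does not end in a newline, add one first so the new
    # entry is not glued onto the last existing line.
    if [ -n "$(tail -c1 "$file")" ]; then
        echo >> "$file"
    fi
    for name in "$@"; do
        is_blocked "$file" "$name" || printf '127.0.0.1 %s\n' "$name" >> "$file"
    done
}

# When called with a file and at least one hostname, apply the block.
if [ "$#" -ge 2 ]; then
    block_host "$@"
fi
```

Browsers and the system resolver may cache earlier lookups, so restart the browser before checking that the block holds.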
Yeah, I'm going to 127.0.0.1 them out. Thanks.
The problem of extension monetization was in Chrome, not in Firefox (it was some kind of an RSS reader AFAIR).
Originally Posted by Luke
I heard a report of different extensions being made malicious in Firefox
I heard a report somewhere of this shit turning up in Firefox extensions as well, but can't remember where. Anyway, if it can be done for one browser it can be done in another, as the basic concept is exactly the same. Whatever it was, I DO recall more than one extension was involved. The problem of updates that do things you don't want (mostly just bugs or function removal, though) is ugly enough I keep known good .mozilla directory tarballs in case I have to roll back a bad update. I especially worry about Ghostery going bad in the future given who bought it and its importance. If I get a crapware version in the future I will simply roll back.
Originally Posted by Mat2