
How To Tell Legit Chrome Extensions From Malware

03:16  05 june  2018

a person standing in front of a computer© Provided by Lifehacker Australia

We all fall victim to the dangerous belief that if an app or extension is listed in an official repository - be it the App Store, Google Play, the Microsoft Store, Mozilla's Add-Ons directory or so on - it must be legitimate. After all, the big tech companies surely use a lot of automated systems (and real human beings) to ensure that their customers aren't downloading harmful things. Right?

Unfortunately, as a recent AdGuard report reminded us, you can't trust big tech to keep your devices safe. Malware slips through the cracks, and you need to do a little policing of your own to ensure that what you're about to download to your device or computer is legitimate. While you won't be able to catch sophisticated pieces of malware disguised as real apps, it isn't hard to filter out more obvious crap.

Make sure you're downloading the right extension

I'm going to focus on Chrome extensions for this how-to guide, but the same advice generally holds true for any apps you're downloading: From the web, from an app store, from wherever.

You always want to make sure you're downloading the right extension or application, especially if you vaguely remember the name of something you read somewhere that's great for your PC, or some extension that a friend mentioned in a conversation that you now sort-of think you found. Nuh-huh. Do not download the extension unless you know exactly what you're getting.

If you need any additional proof, here's a quick list of the five big malware extensions AdGuard named in its research - all of which have since been pulled by Google, and all of which had anywhere from 30,000 to more than 10 million users. I've also thrown in the names of legitimate extensions. Can you tell which is which?

  • Adblock
  • AdRemover for Google Chrome
  • uBlock Plus
  • uBlock Origin
  • AdBlocker Ultimate
  • Adblock Pro
  • HD for YouTube
  • Auto HD For YouTube
  • Webutation

Tricky, isn't it? And while a quick web search can usually help you tell if an extension is legitimate or not - as solid extensions are more likely to have strong recommendations from a number of legitimate technology and news sites - it isn't a perfect method. You might still be fooled if someone in a forum somewhere recommends a scammy extension such as uBlock Plus and you take that as truth.

When in doubt, consider the authenticity of the sources of information you've searched for. For example, if Gizmodo suggests downloading uBlock Origin, but then Reddit user "poopchute88" says uBlock Plus is the best browser extension ever - well, we hope you'll trust our friends around the corner.

Give the extension's description a once-over

Even the best extension creators might not be master wordsmiths, so you have to be a little thoughtful about this tip. If you read through an extension's description and it just doesn't feel right - maybe there are some strange phrasings, horrible misspellings, or the whole thing just feels a little off - you might want to do some extra research into the legitimacy of the extension.

Also, just because an extension uses open-source terminology doesn't mean that it's legitimate. Consider the language found in the description of AdRemover for Google Chrome, one of the malware extensions named in AdGuard's report:

Disclaimer: This extension is not affiliated or related in any way with other software or adblocker. GPLv3 Code from Adblock is used and stated in the source code. Enhanced adblock, tracking protection and bitcoin mining protection.

Sounds slightly more like a real extension, right? Well, no. But the fake extension sure tries to make it seem like it's the natural evolution of a number of legitimate-sounding extensions:

Open Source: Code used in this adblocker extension: Base Template of Adblock for Chrome, Banner Implementation of Adblock Pro, User Statistics of the original Adblock for Chrome before switch to Adblock Plus code, Google Analytics of Superblock - Adblock, filterlist-extension of uBlock Adblocker, Popup Code by Adguard Adblock, statistics from Fair Adblock, options page of Adblock Super, Popup Blocker inspired by Pop up blocker for Chrome™ - Poper Blocker.

In actuality, the extension's creator is probably just trying to keyword stuff as much as possible, to ensure a greater likelihood of this malware appearing when users search for the legitimate extensions it references. Compare this description against part of the description for, say, the much-loved (and legitimate) Adblock Plus:

An easy-to-use, customisable ad-blocking browser extension, Adblock Plus gives you control over your Google Chrome browsing experience. Block annoying and intrusive ads for a cleaner, better web experience. Blocking ads also reduces the risk of infection from malvertising campaigns. Users also have the option to add personal filters and whitelist websites.

Used by millions worldwide, Adblock Plus is a community-driven open source project. Hundreds of volunteers contribute daily to ensure that all intrusive ads are blocked.

Could a malware creator write a description as smooth as that? Sure. Again, we're not trying to point to a single definitive example that separates a legitimate extension from malware. However, you can probably start to see how the malware's description doesn't quite pass the smell test - and even if it does, there's more to investigate.

Check for bogus reviews

Some malware writers are crafty and try to legitimise their extensions by suggesting that they have been reviewed by authentic news sources. While anyone can lie, it's easy to catch those who put absolutely no effort into creating a fake breadcrumb trail for their malware. Once again, we turn to an example from the bogus AdRemover for Google Chrome extension. In its description, you would have found the following:

"On par with other adblock software" - MediumTech

"Default filterlists work fine on this adblock" - FrugalLiving

"Some missing features, but easy to use adblock" - FrugalLiving

"Slower than uBlock but more intuitive interface" - Zing

This one's almost too simple. First off, there is no tech review site called "MediumTech", nor is there a FrugalLiving or a Zing. But even if any of these sites existed, you can also just copy and paste the quotes directly into your favourite search engine. In this case, they don't map to any of the tech review sites listed - and, in fact, only seem to surface the malware extension in search results. Hmmmm.

The same holds true for the "benchmarks" AdRemover for Google Chrome listed in its description:

Tested by Raymonds Tech Ressources [yes, the malware's developer even spelled this fake website's name wrong]

- Performance Test - Tracker Protection

5% faster average loadtimes against Adguard

- Performance Test - Adblock

90% faster average loadtimes in comparison to no Adblock software at all

2% faster average loadtimes in comparison to Superblock - Adblocker

5% faster average loadtimes in comparison to Adguard - Adblocker

62% less peak cpu usage in in comparison to Adblock Pro

12% less peak cpu usage in in comparison to Superblock - Adblocker and Adguard - Adblocker

As fast as Adblock Pro, Simply Block Ads! and Adblock Super, but with additional blocked trackers.

Again, there's no site called "Raymonds Tech Ressources", nor even one called "Raymonds Tech Resources". Even if there was, a quick web search could easily confirm two things: Whether this site is legitimate and whether the site has actually posted the benchmarks the extension references in its description.

While we suppose a super-savvy malware creator could create a few fake reviews websites to make an extension look legit, most don't like to put in the effort. Heck, most don't even make a website for their own extensions, as Make Tech Easier notes:

Most malicious ad removal extension creators are too lazy to make entirely new websites. They will instead usurp the identities of other developers (e.g. "AdRemover" vs. "Ad Remover" and "uBlock Adblocker" vs. "uBlock Plus Adblocker"). Others will not even make a website for their extensions (Superblock being a great example of this).

Do not trust, do not verify; just go and find the legitimate website and activate the extension from there. Or if you're anywhere near as lazy as I am, search for what's popular, find the legit source for it, then slap it on.
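
An added example, not part of the original article: a small Python triage script for the two patterns described above, display names that borrow a trusted extension's brand and descriptions that name-drop other products. The allowlist, the generic-word list and the brand watch list are assumptions built from names quoted in this article; a real allowlist should key on Chrome Web Store extension IDs rather than display names.

```python
import re

# Assumption: display names this article treats as legitimate.
# A production allowlist should pin extension IDs, not names.
KNOWN_GOOD = ["uBlock Origin", "Adblock Plus"]
# Words too generic to count as a borrowed brand (constructed list).
GENERIC = {"plus", "origin", "for", "google", "chrome"}
# Product names quoted in the article's examples (constructed watch list).
BRANDS = ["Adblock Plus", "Adblock Pro", "Adblock Super", "Superblock",
          "uBlock", "Adguard", "Fair Adblock", "Poper Blocker"]
# Excerpt of the AdRemover description quoted earlier in the article.
SAMPLE_DESC = ("Base Template of Adblock for Chrome, Banner Implementation "
               "of Adblock Pro, filterlist-extension of uBlock Adblocker, "
               "Popup Code by Adguard Adblock")


def tokens(name):
    """Lower-cased alphanumeric words of a display name."""
    return re.findall(r"[a-z0-9]+", name.lower())


def classify_name(name):
    """Return 'allowlisted', 'lookalike' or 'unknown' for a display name."""
    if name in KNOWN_GOOD:
        return "allowlisted"
    cand = tokens(name)
    for good in KNOWN_GOOD:
        ref = tokens(good)
        # Same letters with different spacing or case ("Ad Remover" style),
        # or a trusted brand word reused under a different full name.
        respaced = "".join(cand) == "".join(ref)
        borrowed = set(cand) & (set(ref) - GENERIC)
        if respaced or borrowed:
            return "lookalike"
    return "unknown"


def borrowed_brands(description, own_name):
    """Other products a description name-drops (keyword-stuffing signal)."""
    text, own = description.lower(), own_name.lower()
    return [b for b in BRANDS if b.lower() in text and b.lower() not in own]


if __name__ == "__main__":
    for n in ["uBlock Origin", "uBlock Plus", "Adblock Pro", "HD for YouTube"]:
        print(f"{n:16} {classify_name(n)}")
    print(borrowed_brands(SAMPLE_DESC, "AdRemover for Google Chrome"))
```

A "lookalike" result or a non-empty brand list is a prompt for manual review, not a verdict; "unknown" only means the name is not on the allowlist.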

Consider the commenters

Just because someone has a good experience with an extension doesn't mean that it's legitimate. However, if the extension seems rather new-ish, and it doesn't have a lot of reviews, but every single review gives it a five-star rating with a bit of text that seems a little stilted, you should eye the extension with suspicion. Here are a few examples that you would have seen on AdRemover for Google Chrome's page:

Jowanna S. - ★★★★★

"Nice adblocker! Highly recommended for chrome users!"

Ruand S. - ★★★★★

"My favourite ad blocker."

Lewis A. - ★★★★★

"I hated theese facebook ads so much, so installed ad blocker. Thank you"

Cecilia - ★★★★★

"Excellent Adblocker !! Blocked all the unwanted & irritating pop ups! Never without Adblock."

Patricia D. - ★★★★★

"Not pestered by anymore unwanted ads. Great app. The best adblock."

Alden D. - ★★★★★

"I love AdRemover Adblocker. It's brilliant! It's also the best. No more ads. User other adblocker but this is good."

It's possible that a new extension's users think it's the greatest thing since Netscape. But these reviews just seem a little off to us: Spelling errors such as "I hated theese facebook ads"; odd comments such as "I love AdRemover Adblocker", which isn't even the name of the extension; and the bluntness of most of the five-star reviews that don't really mention any features or use cases, just their love for the extension. If your spider-sense isn't tingling by now, it should be.
