Chrome Extension 發現了32個惡意瀏覽器插件!總安裝量高達7500萬次,趕緊檢查!

chrome-extension-malware

Google Chrome Extension 發現惡意插件

Google 昨日從Chrome 網上應用店中刪除了32 個惡意擴展程序,這些擴展程序可能會改變搜索結果並推送垃圾郵件或不需要的廣告。總的來說,它們的下載量為7500 萬。

這些擴展具有合法功能,可以讓用戶不知道混淆代碼中用於傳遞有效負載的惡意行為。

網絡安全研究員Wladimir Palant 分析了Chrome 網上應用店提供的PDF 工具箱擴展(200 萬次下載),發現它包含偽裝成合法擴展API 包裝器的代碼。

安裝量最大的幾個惡意插件:

  • Youtube 的Autoskip——900 萬活躍用戶
chrome extension
  • Soundboost——690 萬活躍用戶
  • Crystal Ad block——680萬活躍用戶
  • Brisk VPN – 560 萬活躍用戶
  • 剪貼板助手——350 萬活躍用戶
  • Maxi Refresher——350 萬活躍用戶
  • 其他帶後面的瀏覽器插件的ID
插件的ID:

aeclplbmglgjpfaikihdlkjhgegehbbf 
afffieldplmegknlfkicedfpbbdbpaef 
ajneghihjbebmnljfhlpdmjjpifeaokc 
ameggholdkgkdepolbiaekmhjiaiiccg 
bafbedjnnjkjjjelgblfbddajjgcpndi 
bahogceckergcanpcoabcdgmoidngedmfo 
bikjmmacnlceobeapchfnlcekincgkng 
bkbdedlenkomhjbfljaopfbmimhdgenl 
bkflddlohelgdmjoehphbkfallnbompm 
bkpdalonclochcahhipekbnedhklcdnp 
bppfigeglphkpioihhhpbpgcnnhpogki 
cajcbolfepkcgbgafllkjfnokncgibpd 
ciifcakemmcbbdpmljdohdmbodagmela 
deebfeldnfhemlnidojiiiadkgnglpi 
diapmightkmmnpmdkfnmlbpkjkealjojg 
dlnanhjfdjgnnmbajgikidobcbfpnblp 
dppnhoaonckcimpejpjodcdoenfjleme 
edadmcnnkkkgmofibeehgaffppadbnbi 
edaflgnfadlopeefcbdlcnjnfkefkhio 
edailiddamlkedgjaoialogpllocmgjg 
edmmaocllgjakiiilohibgicdjndkljp 
eibcbmdmfcgklpkghpkojpaedhloemhi 
enofnamganfiiidbpcmcihkihfmfpobo 
epmmfnfpkjjhgikijelhmomnbeneepbe 
fcndjoibnbpijadgnjjkfmmjbgjmbadk 
fejgiddmdpgdmhhdjbophmflidmdpgdi 
ffiddnnfloiehekhgfjpphceidalmmgd 
fgpeefdjgfeoioneknokbpficnpkddbl 
fhnlapempodiikihjeggpacnefpdemam 
finepngcchiffimedhcfmmlkgjmeokpp 
flmihfcdcgigpfcfjpdcniidbfnffdcf 
fpfmkkljdiofokoikgglafnfmmffmmhc 
gdlbpbalajnhpfklckhciopjlbbiepkn 
geokkpbkfpghbjdgbganjkgfhaafmhbo 
gfbgiekofllpkpaoadjhbbfnljbcimoh 
ghabgolckcdgbbffijkkpamcphkfihgm 
glfondjanahgpmkgjggafhdnbbcidhgf 
gliolnahchemnmdjengkkdhcpdfehkhi 
gnmjmennllheofmojjffnidneaohleln 
hdgdghnfcappcodemanhafioghjhlbpb 
hdifogmldkmbjgbgffmkphfhpdfhjgmh 
hhhbnnlkhiajhlfmedeifcniniopfaoo 
higffkkddppmfcpkcolamkhcknhfhdlo 
hmakjfeknhkfmlckieeepnnldblejdbd 
icnekagcncdgpdnpoecofjinkplbnocm 
iejlgecgghdfhnappmejmhkgkkakbefg 
igefbihdjhmkhnofbmnaglkafpaancf 
igfpifinmdgadnepcpbddpndnlkdela 
iicpikopjmmincpjkckdngpkmlcchold 
imfnolmlkamfkegkhlpofldehcfghkhk 
jbolpidmijgjfkcpndcngibedciomlhd 
jjooglnnhopdfiiccjbkjdcpplgdkbmo 
jlhmhmjkoklbnjjocicepjjjpnnbhodj 
kafnldcilonjofafnggijbhknjhpffcd 
keecjmliebjajodgnbcegpmnalopnfcb 
kjeffohcijbnlkgoaibmdcfconakaajm 
lcdaafomaehnnhjgbgbdpgpagfcfgddg 
lgjdgmdbfhobkdbcjnpnlmhnplnidkkp 
lhpbjmgkppampoeecnlfibfgodkfmapd 
likbpmomddfoeelgcmmgilhmefinonpo 
lipmdblppejomolopniipdjlpfjcojob 
lklmhefoneonjalpjcnhaidnodopinib 
llcogfahhcbonemgkdjcjclaahplbldg 
lmcboojgmmaafdmgacncdpjnpnnhpmei 
lpejglcfpkpbjhmnnmpmmlpblkcmdgmi 
magnkhldhhgdlhikeighmhlhonpmlolk 
mcmdolplhpeopapnlpbjceoofpgmkahc 
meljmedplehjlnnaempfdoecookjenph 
nadenkhojomjfdcppbhhncbfakfjiabp 
nbocmbonjfbpnolapbknojklafhkmplk 
ngbglchnipjlikkfpfgickhnlpchdlco 
njglkaigokomacaljolalkopeonkpbik 
obeokabcpoilgegepbhlcleanmpgkhcp 
obfdmhekhgnjollgnhjhedapplpmbpka 
oejfpkocfgochpkljdlmcnibecancpnl 
okclicinnbnfkgchommiamjnkjcibfid 
olkcbimhgpenhcboejacjpmohcincfdb 
ooaehdahoiljphlijlaplnbeaeeimhbb 
pbdpfhmbdldfoiognphkiocpidecmbp 
pbebadpeajadcmaoofljnnfgofehnpeo 
pidecdgcabcolloikegacdjejomeodji 
pinnfpbpjancnbidnnhpemakncopaega