(old)Puppy Linux Discussion Forum

https://thehackernews.com/2020/02/chrom ... lware.html

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.

These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017.

In addition to requesting extensive permissions that granted the plugins access to clipboard and all the cookies stored locally in the browser, they periodically connected to a domain that shared the same name as the plugin (e.g., Mapstrekcom, ArcadeYumcom) to check for instructions on getting themselves uninstalled from the browser.

Upon making initial contact with the site, the plugins subsequently established contact with a hard-coded C2 domain — e.g., DTSINCEcom — to await further commands, the locations to upload user data, and receive updated lists of malicious ads and redirect domains, which subsequently redirected users' browsing sessions to a mix of legitimate and phishing sites.

What an interesting paradox.
The chrome browser itself "steal" or takes your data too,

xenial. wrote:What an interesting paradox.
The chrome browser itself "steal" or takes your data too,

Governments jealously enforce their exclusive right to create money.

And no, that's not a mistake. Contrary to the misinformation spread by Right-Wing Economists and mistakenly assumed by most of the public, Governments don't just remove money created in the Private Sector. Rather, Governments both franchise and control the creation of money. Banks are the franchisees, benefiting from their exclusive licenses to create money but subject to laws limiting how much money (and under what circumstances) it can be created; if and when Governments choose to make and enforce such laws.

Money, like electricity and irrigation, is a flow system. Control the flow and you control who lives and who dies. If you've been paying attention during the last few years, and especially recently, you'll have realized how much Government (and those who actually control it) is involved in the creation and flow of money. We 'haven't had enough money' to feed and house Americans in need; re-build our failing infra-structure which would create jobs in America for Americans. And Universal Health Care will ruin 'the Economy'. But we suddenly have trillions of dollars to prop-up industries, even those which common sense tells you will fail. We can compel those who have to work in order to obtain the flow of money to themselves for food and other necessities to stay home. But our Government chose not to prohibit during that period the continued accumulation of the flow of 'payments due' to those whose income flow is passive: rent, mortgages, finance charges.

And contrary to the dictum of Right-Wing Jurists, money is not "speech". Like information money is power. Money is the social tool we use that enables us to exchange our goods and services with absolute strangers confident that we will receive something in return we can exchange with other strangers. Information is our tool enabling us to choose which exchange best serves our individual interests. Control either and "Freedom" is a synonym of "wishful thinking".

snippet ...Like information money is power...

Money is the God who's worshiped by almost all men!

And women!

Google just removed 70 more... most to do with pdf <---> doc and some seearch help.

Semme wrote: And women!

Yes!

Was just gettig ready to post a similar link to this issue:

https://www.securityweek.com/tens-malic ... e-campaign


I know I am like a broken record as I keep saying this over the years, but STOP using any/all extensions in your browsers. Modify the browser about:config settings yourself (especially Firefox, Palemoon, Seamonkey). You can basically achieve everything you need and/or want by doing a little reading, research and also using (as others have noted) up-to-date block lists.

Regarding about:config (especially in Mozilla-based browsers), 8GEEE and myself have posted numerous times over the years what to modify there. In Chrome config settings, you are severely hamstrung by Google's mood/restrictions.

But in Mozilla-based browsers, there is ZERO reason to run any extension (save for one of the giant ad-blockers that are constantly tested and vetted by the community, i.e. you'd be hard-pressed to find anything better than Ublock Origin...there's a reason, for years now, why it is recommended over and over and over). But modify your about:config settings in your browsers, especially on booted up OSes you keep pristine only for sensitive, important stuff done online.

As the article notes above, using Chrome is and will continue to be a crap-shoot if one keeps on insisting using browser extensions for it (Mozilla-based is no different if you keep using them, especially the outdated extensions and/or the ones dropped by their original owners---which is what online hackers actually look for when targeting this vector).

If you are one of the ones who insist on using the Chrome-based browsers for your sensitive, important stuff online, do yourself a huge favor: STOP using all extensions for it (save for Ublock Origin and/or Ad-block). All others, never download them, never use them. It really is that simple.

Google itself is the first to admit they cannot stay on top of all the extensions and thus have little/zero time to vet them.


P.S. If you are a Mozilla-based user, also do yourself a big favor and pay attention to what Mozilla itself, not any 3rd party, is and has been doing with respect to Containers (and it's beyond easy to set up). It's 'Firefox Multi-Account Containers' is the single biggest thing they have done in years to vastly improve the browsers ability to protect you while online and, most importantly, protect you from yourself (i.e. insisting on clicking on the sexy (or whatever) picture and/or link to get a closer look).