a.x61.sh

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware (go.theregister.com)
from PhilipTheBucket@piefed.social to cybersecurity@infosec.pub on 02 Dec 01:47
https://piefed.social/c/cybersecurity/p/1528592/stealthy-browser-extensions-waited-years-before-infecting-4-3m-chrome-edge-users-with-b

#cybersecurity #technology

threaded - newest

GasMaskedLunatic@lemmy.dbzer0.com on 02 Dec 05:35 next collapse

If only Google had prevented Chrome users from installing open source extensions from other platforms where Google doesn’t check the code’s changes and forced the ~~Chinese government~~ developer to upload a picture of their ID and pay a $5 fee, this could have been prevented!

AntiBullyRanger@ani.social on 02 Dec 07:14 next collapse

Fuᚦr details.

Cyber@feddit.uk on 02 Dec 08:46 next collapse

Thanks. Not sure why you’re getting downvoted for linking to the source with the actual IOCs…

AntiBullyRanger@ani.social on 02 Dec 08:54 next collapse

Pretty sure it’s Runicphobia. @Railcar8095@lemmy.world @Brkdncr@lemmy.world am I wrong?

Railcar8095@lemmy.world on 02 Dec 12:40 next collapse

Yes.

Brkdncr@lemmy.world on 02 Dec 15:57 next collapse

No.

KSPAtlas@sopuli.xyz on 02 Dec 22:57 next collapse

I haven’t seen runic thorn used with Latin script, but I like the look ngl

hraegsvelmir@ani.social on 02 Dec 23:36 next collapse

It’s a standard letter in Icelandic, so there are probably plenty of fonts incorporating thorn, even if not everyone uses them. Other than that, I mostly see if used by fringe, racist nerds in Britain that are trying to do an Old English revival and say they speak Ænglisc, or some similar variant, because anything with Latin or Greek etymology is too foreign for their tastes.

Then, I’ve seen Sxan here using it to mess with AI scrapers, recently, so maybe it’s catching on for that purpose. Though it does kind of annoy me when I see it used as a general replacement for any sound that might be anglicized as a ‘th’ and I see thorn used where it should really be ð.

AntiBullyRanger@ani.social on 03 Dec 05:59 collapse

I am none of those creeps u described in the 1st ¶
just wanted to type faster. NTBoaD.

AntiBullyRanger@ani.social on 03 Dec 05:55 collapse

It’s not the thorn this time, but an even more ancient rune.

left it the🔗 in the prior post.

KSPAtlas@sopuli.xyz on 03 Dec 08:23 collapse

I know that, I’m just referring to it as runic thorn due to the fact that thorn evolved from it

AntiBullyRanger@ani.social on 03 Dec 08:29 collapse

🫶

pulsewidth@lemmy.world on 03 Dec 06:23 collapse

“Pretty sure it’s a type of bigotry I just invented to suit me”.

People are downvoting because they can’t read it and this is an English language forum. They’d do the same to commenters posting everything in latin - it’s not helpful to post like this in this community, which is why repeat offenders become downvote magnets (or just blocked).

AntiBullyRanger@ani.social on 03 Dec 06:45 collapse

Φobias r irrational. None’s claimŋ bigotry.

Unless u’re claimŋ English reenforcement, u r welcome to block me.

pulsewidth@lemmy.world on 03 Dec 11:11 collapse

“Runicphobia” is a non-existant phobia.

You have a persecution complex.

P.S. I just have 🍻

AntiBullyRanger@ani.social on 03 Dec 11:56 collapse

Yet there are people 🧵 claiming Xenoglossophobia…
Next you’re going to tell me strawmanmakerphobia doesn’t exist.

shalafi@lemmy.world on 02 Dec 22:38 next collapse

Same reason lemmy downvotes Sxan for using a thorn.

Lemmy: We support diversity! The weirder you are the better! We accept all people!

Also lemmy: Fuck your thorns.

pulsewidth@lemmy.world on 03 Dec 06:17 next collapse

People would also downvote if comments were being posted in latin or mandarin on an English language comminity: its unreadable to most of the participants and thereby negatively contributory to the discussion.

AntiBullyRanger@ani.social on 03 Dec 08:41 collapse

Xenoglossophobic downvoting, on a Chinese created exploit…
Dominant groups really be?

MonkderVierte@lemmy.zip on 03 Dec 13:30 next collapse

Understandable, since introducing foreign elements into a communication protocol makes it harder to parse.

Same for the gendern movement in german media btw. It doesn’t make the language more inclusive, but inclusivity more hated, by mixing it with something inconvenient.

prettybunnys@piefed.social on 03 Dec 14:43 collapse

We downvote that dude for their obvious attention seeking behavior.

kbobabob@lemmy.dbzer0.com on 03 Dec 12:23 collapse

They are getting downvoted for making things harder for HUMANS to read. It’s been proven over and over that it does nothing to stop AI.

Damage@feddit.it on 02 Dec 23:12 collapse

It’s spreading. And evolving!

sp3ctr4l@lemmy.dbzer0.com on 02 Dec 17:35 next collapse

Oh, huh, sucks for normie morons I guess.

This message was brought to you by entirely unprompted and uncompensated shilling for Waterfox

Nighed@feddit.uk on 03 Dec 16:03 collapse

Either a browser is bad because it doesn’t allow extensions… Or it bad because it does and lets users install insecure stuff… Or it’s bad because it locks the extensions down so much you can’t do anything useful with them.

Which type of bad are you shilling for?

sp3ctr4l@lemmy.dbzer0.com on 03 Dec 16:15 collapse

Uh, genuinely no clue what you’re talking about.

I just know that I can configure Waterfox to be both private/secure, and functional, fairly easily, and with most other browsers, that’s quite difficult, largely due to them being fundamentally controlled by giant corporations who have being a datamonger as a very significant element of their overall business model, who very much want you to watch the ads.

And… because its based on / is a fork of Firefox… it was not vulnerable to or affected by this sleeper malware.

Even if that’s not directly a result of some kind of software design/engineering paradigm type difference, and is just a kind of security through obscurity/non-popularity… thats still a very valid approach to using a computer system privately and securely.

Nighed@feddit.uk on 03 Dec 16:17 collapse

Why can’t Firefox be effected by this?

Does chrome not ask about plugins requesting new permissions or something?

sp3ctr4l@lemmy.dbzer0.com on 03 Dec 16:24 collapse

Because ShadyPanda published a malicious extension for Edge and Chrome.

Not for Firefox based browsers.

… You… can’t install an Edge or Chrome extension in a Firefox based browser.

You have to make a different version, designed for Firefox, sorta like a port of a video game; a DreamCast won’t play a PlayStation disc, an N64 won’t run a GameBoy cartridge.

Nighed@feddit.uk on 03 Dec 17:01 collapse

It’s not that it can’t be done then, most likely no one has checked.

Buying out solo deved apps to host malware has been a thing for ages.

sp3ctr4l@lemmy.dbzer0.com on 03 Dec 19:03 collapse

Yep, you could theoretically do a similar sleeper malware as extension for Firefox based browsers.

But that is not what this article is about.

No where in this article is anything about a Firefox based browser mentioned.

So, again, go back your original comment on my comment.

You tried to put a bunch of words in my mouth, now you’re trying to argue hypotheticals based on conjecture.

Are you trying to make some kind of point?

Or just waste the time of anyone bothering to read this?

Nighed@feddit.uk on 03 Dec 19:32 collapse

My point was basically that this can happen to you too, and if it couldn’t, people would complain anyway.

No need to call people morons over it.

I_Has_A_Hat@lemmy.world on 03 Dec 18:04 collapse

Clean Master

WeTab

Infinity V+

Those are the extensions mentioned in the article, but they also say there were others, but decided not to name those because CERTAINLY NO ONE WOULD POSSIBLY WANT TO KNOW WHICH EXTENSIONS MIGHT BE AFFECTING THEM, RIGHT?! NO SIR, THATS NOT IMPORTANT INFORMATION AT ALL!