News:

Willkommen im Notebookcheck.com Forum! Hier können sie über alle unsere Artikel und allgemein über Notebook relevante Dinge disuktieren. Viel Spass!

Main Menu

Post reply

The message has the following error or errors that must be corrected before continuing:
Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.
Other options
Verification:
Please leave this box empty:

Shortcuts: ALT+S post or ALT+P preview

Topic summary

Posted by Mikemail
 - June 20, 2020, 16:00:27
"malicious domain registrar, GalComm"

Were they the malicious actor, or did someone else register the domains through them?
Posted by Henry Soul
 - June 20, 2020, 10:28:26
It's ironic that the origin of these malware-ridden extensions is the same country that produces the Intel chips with security 'vulnerabilities' in them. The names of the extensions are as follows:

name_slug
securify-for-chrome
browse-safer
search-manager
doctopdf
easyconvertdefault-search
easyconvert
bytefence-secure-browsing
browsing-protector
secure-web-searching
easyconvert
viewpdf
viewpdf
quickmail
search-manager
search-manager
bytefence-secure-browsing
search-manager
secured-search-extension
search-manager
thedocpdfconverter
search-manager
search-manager
viewpdf
search-manager
viewpdf
viewpdf
gofiletopdf
doctopdf
doctopdf
doctopdf
viewpdf
bytefence-secure-browsing
search-manager
browsing-safety-checker
viewpdf
search-manager
pdf-opener
search-manager
viewpdf
easyconvert
securify-for-chrome
doctopdf
search-manager
pdf-opener
search-manager
doctopdf
search-manager
pdf-opener
thedocpdfconverter
doctopdf
pdf-opener
search-manager
ttab
mydocstopdf
doctopdf
thedocpdfconverter
easyconvert
pdf-opener
theeasywaypro
viewpdf
viewpdf
viewpdf
viewpdf
search-manager
search-by-convertfilenow
quicklogin
pdf-opener
easyconvert
easyconvert
mydocstopdf
doctopdf
easyconvert
mydocstopdf
pdf-ninja-converter
pdf2doc
thesecuredweb-protected-b
easyconvert
search-by-convertpdfpro
convertwordtopdf
Posted by A
 - June 20, 2020, 05:02:23
What extensions need is url level permissions and cookie permissions. So you can control which urls each extension can communicate with or which url it can set cookies for.
Posted by Rick1024
 - June 19, 2020, 22:11:59
Control A to copy the list then open a Google Sheet (probably work in Excel Also), then click into the top left cell. Right click and Select Paste Special, then Select Paste Values Only

This will paste it neatly into Rows and Columns in Sheets and make it very readable.
Posted by KernellPanic
 - June 19, 2020, 21:07:26
Resumed list:

- doc to pdf
- search manager (switch bing, yahoo, google)
- quick mail
- view PDF
Posted by _MT_
 - June 19, 2020, 20:58:38
It's a TSV file (tabulator separated values). Just open a spreadsheet editor and import it.
Posted by Bhasker Thodla
 - June 19, 2020, 20:43:25
I saved the file as a text file with a CSV extension and opened it with Excel to get a table. Not sure if I can post it here but it worked.
Posted by Andy M
 - June 19, 2020, 19:02:55
That list is unreadable.
Posted by Rif
 - June 19, 2020, 17:43:47
List? Do you mean "WORD"?
Posted by John Fish
 - June 19, 2020, 17:13:31
Nice 'list', 28,000 words with no formatting.
Posted by John McCormick
 - June 19, 2020, 16:59:29
That is the ugliest formatting I have seen in a while, eve a Pastebin would have looked better.
Posted by Vivian
 - June 19, 2020, 16:25:04
If Awake can post simple plain text name of these chrome extension, it might be more user friendly.
Well, even though I don't use Chrome for eons already, I am still interested in whether these plugin are cross platform, and whether these threat actor also tried to penetrate via other browser.
Lets hope Google might try to improve privacy on Chrome in near future, unlikely, but one can hope.
Posted by Redaktion
 - June 19, 2020, 13:57:19
A report by Awake Security indicates that 70 Google Chrome extensions, downloaded by over 32 million people, have been stealing user data and browsing history on a massive scale. The large-scale operation was enabled by a malicious domain registrar, GalComm.

https://www.notebookcheck.net/Massive-criminal-surveillance-campaign-of-malicious-Google-Chrome-extensions-stole-data-from-over-32-million-users-do-you-have-these-installed.476943.0.html