谷歌昨日从 Chrome 网上应用店中删除了 32 个恶意扩展程序,这些扩展程序可能会改变搜索结果并推送垃圾邮件或不需要的广告。总的来说,它们的下载量为 7500 万。
这些扩展具有合法功能,可以让用户不知道混淆代码中用于传递有效负载的恶意行为。
网络安全研究员 Wladimir Palant 分析了 Chrome 网上应用店提供的 PDF 工具箱扩展(200 万次下载),发现它包含伪装成合法扩展 API 包装器的代码。
安装量最大的几个恶意插件:
- Youtube 的 Autoskip——900 万活跃用户
- Soundboost——690 万活跃用户
- Crystal Ad block——680万活跃用户
- Brisk VPN – 560 万活跃用户
- 剪贴板助手——350 万活跃用户
- Maxi Refresher——350 万活跃用户
- 其他带后面的浏览器插件的ID
扩展 ID:
aeclplbmglgjpfaikihdlkjhgegehbbf
afffieldplmegknlfkicedfpbbdbpaef
ajneghihjbebmnljfhlpdmjjpifeaokc
ameggholdkgkdepolbiaekmhjiaiiccg
bafbedjnnjkjjjelgblfbddajjgcpndi
bahogceckergcanpcoabcdgmoidngedmfo
bikjmmacnlceobeapchfnlcekincgkng
bkbdedlenkomhjbfljaopfbmimhdgenl
bkflddlohelgdmjoehphbkfallnbompm
bkpdalonclochcahhipekbnedhklcdnp
bppfigeglphkpioihhhpbpgcnnhpogki
cajcbolfepkcgbgafllkjfnokncgibpd
ciifcakemmcbbdpmljdohdmbodagmela
deebfeldnfhemlnidojiiiadkgnglpi
diapmightkmmnpmdkfnmlbpkjkealjojg
dlnanhjfdjgnnmbajgikidobcbfpnblp
dppnhoaonckcimpejpjodcdoenfjleme
edadmcnnkkkgmofibeehgaffppadbnbi
edaflgnfadlopeefcbdlcnjnfkefkhio
edailiddamlkedgjaoialogpllocmgjg
edmmaocllgjakiiilohibgicdjndkljp
eibcbmdmfcgklpkghpkojpaedhloemhi
enofnamganfiiidbpcmcihkihfmfpobo
epmmfnfpkjjhgikijelhmomnbeneepbe
fcndjoibnbpijadgnjjkfmmjbgjmbadk
fejgiddmdpgdmhhdjbophmflidmdpgdi
ffiddnnfloiehekhgfjpphceidalmmgd
fgpeefdjgfeoioneknokbpficnpkddbl
fhnlapempodiikihjeggpacnefpdemam
finepngcchiffimedhcfmmlkgjmeokpp
flmihfcdcgigpfcfjpdcniidbfnffdcf
fpfmkkljdiofokoikgglafnfmmffmmhc
gdlbpbalajnhpfklckhciopjlbbiepkn
geokkpbkfpghbjdgbganjkgfhaafmhbo
gfbgiekofllpkpaoadjhbbfnljbcimoh
ghabgolckcdgbbffijkkpamcphkfihgm
glfondjanahgpmkgjggafhdnbbcidhgf
gliolnahchemnmdjengkkdhcpdfehkhi
gnmjmennllheofmojjffnidneaohleln
hdgdghnfcappcodemanhafioghjhlbpb
hdifogmldkmbjgbgffmkphfhpdfhjgmh
hhhbnnlkhiajhlfmedeifcniniopfaoo
higffkkddppmfcpkcolamkhcknhfhdlo
hmakjfeknhkfmlckieeepnnldblejdbd
icnekagcncdgpdnpoecofjinkplbnocm
iejlgecgghdfhnappmejmhkgkkakbefg
igefbihdjhmkhnofbmnaglkafpaancf
igfpifinmdgadnepcpbddpndnlkdela
iicpikopjmmincpjkckdngpkmlcchold
imfnolmlkamfkegkhlpofldehcfghkhk
jbolpidmijgjfkcpndcngibedciomlhd
jjooglnnhopdfiiccjbkjdcpplgdkbmo
jlhmhmjkoklbnjjocicepjjjpnnbhodj
kafnldcilonjofafnggijbhknjhpffcd
keecjmliebjajodgnbcegpmnalopnfcb
kjeffohcijbnlkgoaibmdcfconakaajm
lcdaafomaehnnhjgbgbdpgpagfcfgddg
lgjdgmdbfhobkdbcjnpnlmhnplnidkkp
lhpbjmgkppampoeecnlfibfgodkfmapd
likbpmomddfoeelgcmmgilhmefinonpo
lipmdblppejomolopniipdjlpfjcojob
lklmhefoneonjalpjcnhaidnodopinib
llcogfahhcbonemgkdjcjclaahplbldg
lmcboojgmmaafdmgacncdpjnpnnhpmei
lpejglcfpkpbjhmnnmpmmlpblkcmdgmi
magnkhldhhgdlhikeighmhlhonpmlolk
mcmdolplhpeopapnlpbjceoofpgmkahc
meljmedplehjlnnaempfdoecookjenph
nadenkhojomjfdcppbhhncbfakfjiabp
nbocmbonjfbpnolapbknojklafhkmplk
ngbglchnipjlikkfpfgickhnlpchdlco
njglkaigokomacaljolalkopeonkpbik
obeokabcpoilgegepbhlcleanmpgkhcp
obfdmhekhgnjollgnhjhedapplpmbpka
oejfpkocfgochpkljdlmcnibecancpnl
okclicinnbnfkgchommiamjnkjcibfid
olkcbimhgpenhcboejacjpmohcincfdb
ooaehdahoiljphlijlaplnbeaeeimhbb
pbdpfhmbdldfoiognphkiocpidecmbp
pbebadpeajadcmaoofljnnfgofehnpeo
pidecdgcabcolloikegacdjejomeodji
pinnfpbpjancnbidnnhpemakncopaega
