Ask HN: Help with suspected malware extension with 10M users
9 comments
You can add reviews under the chrome and firefox extensions to warn other users and then report both extensions (assuming you are confident about your findings).
More of a meta comment: this is pretty much why I don't install any extensions in my browser except an ad blocker.
You can use this as an opportunity to teach your friend about security so it doesn't happen again.
More of a meta comment: this is pretty much why I don't install any extensions in my browser except an ad blocker.
You can use this as an opportunity to teach your friend about security so it doesn't happen again.
I'm still trying to setup a vm so I can analyze this extension in a quarantine.
> What is the best course of action here? Where can we report this?
There is a huge button "Report this add-on for abuse" on every single extension page on addons.mozilla.org.
There is a huge button "Report this add-on for abuse" on every single extension page on addons.mozilla.org.
Firefox recently added capability to remotely disable extensions [1]. Although I was also concerned with the feature when I saw it, I can see how that would be useful in exactly this scenario.
* - https://news.ycombinator.com/item?id=36602193
* - https://news.ycombinator.com/item?id=36602193
There really need to be some extension store changes. The stores as they exist are not sustainable. Just spitballing:
- No binary or closed source releases, Google/Mozilla compile from a public source.
- More zealous restrictions (which admitedly Google is already heading towards)
- Big fat warnings when accessing cookies or secure fields like passwords or CC. If this makes password managers look scary, good, they should look scary.
- No binary or closed source releases, Google/Mozilla compile from a public source.
- More zealous restrictions (which admitedly Google is already heading towards)
- Big fat warnings when accessing cookies or secure fields like passwords or CC. If this makes password managers look scary, good, they should look scary.
> No binary or closed source releases
I suspect it wouldn't be that much trouble to include obfuscated spyware into the sources though. It may make it easier to catch, but it wouldn't prevent mass users from upgrading before it's stopped.
I suspect it wouldn't be that much trouble to include obfuscated spyware into the sources though. It may make it easier to catch, but it wouldn't prevent mass users from upgrading before it's stopped.
True.
But it would still be a minor deterrent, it would disrupt the common mechanism (buy a popular app, close source it) these acquirers operate with, and it would leave some proof of malice behind.
But it would still be a minor deterrent, it would disrupt the common mechanism (buy a popular app, close source it) these acquirers operate with, and it would leave some proof of malice behind.
I looked at it a little bit and didn't find anything super obvious about collecting info but it does look like it injects ads for their own services into google search results
[deleted]
Looking into WebChatGPT:
- It has full access to all sites
- Extension was recently sold by owner [2]
- Latest release [3] doesn't match any new commits in the open-source repo [4].
- The last change in the repo removes sponsor link for buy me a coffee
- Someone opened an issue on the repo calling out spyware [5]
What is the best course of action here? Where can we report this? I am going to try to download the extension and follow where the data is sent.
* 1 https://tools.zmo.ai/webchatgpt
* 2 https://www.buymeacoffee.com/anzorq
* 3 https://addons.mozilla.org/en-US/firefox/addon/web-chatgpt/versions/
* 4 https://github.com/interstellard/chatgpt-advanced
* 5 https://github.com/interstellard/chatgpt-advanced/issues/203