Results 1 to 1 of 1
- Join Date
- Nov 2009
Nano Adblocker and Defender Marked As Malware in Chrome
A very good article that is being updated as more is revealed: https://chris.partridge.tech/2020/ex...elp-for-users/
16 days ago, the then developer of the Nano Defender browser extension revealed that he was in the process of selling it.
After a rather slow week, an update appeared for Nano Defender. The two main finds from examining the code were that the extension would react to the opening of dev tools, presumably to change its behaviour (dev tools being a tool to verify what the extension did), and that it was set to execute unknown commands (the code contained a placeholder that would take orders from a list not in the code).
Nano Defender enjoyed extensive authorizations on Chrome.
A few hours ago, Nano Defender was removed from the Chrome store and automatically deactivated on all Chrome browsers, as it was classified as malware.
The incriminating update was released at least 4 days ago. The code is still being examined; at the moment, it's certain that it imported at least the cookies and sessions.
I am not clear on the details, but this seems to mean that the hackers can still enter sessions on websites you logged in and did not log out. Someone with better knowledge here could give an opinion.
It does not appear that the update had any effect in Firefox, where the extension is under a different maintainer, while the Microsoft Store version was still under the original developer.
It is worth keeping an eye out, as fake clones of Nano Defender have been reported in the Chrome Store, now that the authentic one isn't available on the store any more.
The first report of the code: https://github.com/NanoAdblocker/Nan...ment-709428210
the discussion about the sale: https://github.com/NanoAdblocker/NanoCore/issues/362
about what the update did: https://github.com/jspenguin2017/Sni...ment-712448295 (research still ongoing) the thread also contains advice on what to do about the cookies.
ghacks article https://www.ghacks.net/2020/10/16/ti...xcept-firefox/
Some time ago, in the thread about ads, I wrote that extensions weren't really reliable. Honestly, while I rationally knew that it was true, I didn't really think that was right -- there is a difference between installing random stuff and installing a well-known extension that's been updated for years by a developer with a fairly clear web presence. That the extension would change ownership without notification was a big surprise. The Microsoft Store apparently doesn't allow this sort of exchange, which, at least in theory, means that a user base cannot be migrated to a new developer without knowing (unless someone also sells the access data and cedes the profile together with the app, which could appen e.g. if the developer is bought). It definitely looks like a more serious approach on the side of Microsoft.
Last edited by Vinyadan; 2020-10-20 at 05:40 PM.Originally Posted by J.R.R. Tolkien, 1955