Support the GITP forums on Patreon
Help support GITP's forums (and ongoing server maintenance) via Patreon
Results 1 to 1 of 1
  1. - Top - End - #1
    Ettin in the Playground
     
    Vinyadan's Avatar

    Join Date
    Nov 2009
    Gender
    Male

    Thumbs down Nano Adblocker and Defender Marked As Malware in Chrome

    A very good article that is being updated as more is revealed: https://chris.partridge.tech/2020/ex...elp-for-users/

    16 days ago, the then developer of the Nano Defender browser extension revealed that he was in the process of selling it.

    After a rather slow week, an update appeared for Nano Defender. The two main finds from examining the code were that the extension would react to the opening of dev tools, presumably to change its behaviour (dev tools being a tool to verify what the extension did), and that it was set to execute unknown commands (the code contained a placeholder that would take orders from a list not in the code).

    Nano Defender enjoyed extensive authorizations on Chrome.

    A few hours ago, Nano Defender was removed from the Chrome store and automatically deactivated on all Chrome browsers, as it was classified as malware.

    The incriminating update was released at least 4 days ago. The code is still being examined; at the moment, it's certain that it imported at least the cookies and sessions.

    I am not clear on the details, but this seems to mean that the hackers can still enter sessions on websites you logged in and did not log out. Someone with better knowledge here could give an opinion.

    It does not appear that the update had any effect in Firefox, where the extension is under a different maintainer, while the Microsoft Store version was still under the original developer.

    It is worth keeping an eye out, as fake clones of Nano Defender have been reported in the Chrome Store, now that the authentic one isn't available on the store any more.

    The first report of the code: https://github.com/NanoAdblocker/Nan...ment-709428210
    the discussion about the sale: https://github.com/NanoAdblocker/NanoCore/issues/362
    about what the update did: https://github.com/jspenguin2017/Sni...ment-712448295 (research still ongoing) the thread also contains advice on what to do about the cookies.
    ghacks article https://www.ghacks.net/2020/10/16/ti...xcept-firefox/

    Some time ago, in the thread about ads, I wrote that extensions weren't really reliable. Honestly, while I rationally knew that it was true, I didn't really think that was right -- there is a difference between installing random stuff and installing a well-known extension that's been updated for years by a developer with a fairly clear web presence. That the extension would change ownership without notification was a big surprise. The Microsoft Store apparently doesn't allow this sort of exchange, which, at least in theory, means that a user base cannot be migrated to a new developer without knowing (unless someone also sells the access data and cedes the profile together with the app, which could appen e.g. if the developer is bought). It definitely looks like a more serious approach on the side of Microsoft.
    Last edited by Vinyadan; 2020-10-20 at 05:40 PM.
    Quote Originally Posted by J.R.R. Tolkien, 1955
    I thought Tom Bombadil dreadful but worse still was the announcer's preliminary remarks that Goldberry was his daughter (!), and that Willowman was an ally of Mordor (!!).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •