The extensions share other skeptical or suspicious similarities. Many code in each one is very full, which is choosing a design that does not provide any benefit other than the complexity of the process to analyze and understand how it is behaved.
All of them except one of them Incomplete In the Chrome store on the web. This appointment makes a visible extension for users only with the long Pseudorandom series in the URL extension, and therefore, they do not appear in the web store or search results for the search engine. It is not clear how these unlikely 35 extensions could have brought 4 million collectively installation, or on average approximately 114,000 installation operations for each supplement, when it was difficult to find.
In addition, 10 of them are sealed with a “distinctive” naming, which Reserves For developers whose identities have been verified and “follow our best technical practices and meet a high level of user experience and design.”
One example is the extension Protect the extension of the fire shieldWhich, from paradoxes, allegedly check the chrome facilities for any suspicious or harmful accessories. One of the main JavaScript files that the references are running several areas of doubtful, where they can download data and download instructions and symbol:
URL addresses to protect the extension of the shield of fire in the code.
Credit: A safe supplement
One field in particular – Unknown.com – Set in the remaining 34 app.
Tokner tried to analyze what the extensions did on this site, but it was largely frustrated by the exciting code and the other steps taken by the developer to hide their behavior. When the researcher, for example, operated the shield of fire on a laboratory device, he opened an empty web page. Click on the icon of the extension of the option list stabilizer, but Fire Shield did not offer anything when he did so. Then Tuckner launched a Background service worker In Chrome tools to find evidence about what was happening. I soon realized that the connected extension entitled URL on Fireshieldit.com and performed some procedures under the general category “Browser_Artion_clicked”. Try to run additional events, but it came empty -handed.
