Closed Bug 1504619 Opened 6 years ago Closed 6 years ago

"Google Translate with Right Click" add-on is spying on users

Categories

(Toolkit :: Blocklist Policy Requests, defect)

63 Branch
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: david, Assigned: TheOne)

Attachments

(1 file)

26.22 KB, application/x-xpinstall
Attached file the offending add-on
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0

Steps to reproduce:

Install "Google Translate with Right Click" add-on: https://addons.mozilla.org/en-US/firefox/addon/google-translator-right-click/

Actual results:

A hook is installed that can send data from my computer to arbitrary destinations.

Expected results:

No such hook should be installed.

I am reporting this issue because I believe that the "Google Translate with Right Click" add-on has been compromised. It was recently updated requesting permissions for all content on all pages. When I checked the files in the updated add-on, I saw that it now has a `bgd.js` file that is run in the background on every page. This script is minified and obfuscated, and it appears to create a hidden iframe on every page. When a page sends a message to the hook in this add-on, the add-on appears to read files from the user's computer and send them to the destination specified in the message.
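An added example (not part of the bug report and not the add-on's code): a sketch of the comparison the report describes doing by hand, diffing an update's WebExtension manifest against the previous version to flag newly requested all-site access and newly introduced scripts. Both manifests are constructed samples; only the file name `bgd.js` comes from the report.

```javascript
// Added example; the manifests below are constructed, not taken from the XPI.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect the host patterns an extension can reach and the scripts it loads.
function surface(manifest) {
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const cs = manifest.content_scripts || [];
  const bg = manifest.background || {};
  const hosts = [...perms, ...cs.flatMap(c => c.matches || [])]
    .filter(p => BROAD.has(p) || p.includes("://")); // drop API names like "contextMenus"
  return {
    hosts: new Set(hosts),
    scripts: new Set([...(bg.scripts || []), ...cs.flatMap(c => c.js || [])]),
  };
}

// Report what the new version gained relative to the old one.
function diffUpdate(oldManifest, newManifest) {
  const before = surface(oldManifest);
  const after = surface(newManifest);
  const hasBroad = s => [...s.hosts].some(h => BROAD.has(h));
  return {
    addedHosts: [...after.hosts].filter(h => !before.hosts.has(h)),
    addedScripts: [...after.scripts].filter(f => !before.scripts.has(f)),
    gainedAllSites: hasBroad(after) && !hasBroad(before),
  };
}

// Constructed sample: a translation add-on before and after an update.
const oldManifest = {
  manifest_version: 2, version: "1.0",
  permissions: ["contextMenus", "https://translate.google.com/*"],
  background: { scripts: ["background.js"] },
};
const newManifest = {
  manifest_version: 2, version: "1.1",
  permissions: ["contextMenus", "https://translate.google.com/*", "<all_urls>"],
  background: { scripts: ["background.js", "bgd.js"] },
};

const report = diffUpdate(oldManifest, newManifest);
console.log(report);
```

A hit on `gainedAllSites` together with a new minified script is a reason to unpack and read the update before trusting it, not proof of malice on its own.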
Component: Untriaged → Blocklist Policy Requests
Flags: needinfo?(jorge)
OS: Unspecified → All
Product: Firefox → Toolkit
Hardware: Unspecified → All
Assignee: nobody → awagner
Flags: needinfo?(jorge)
Let's block the add-on due to the malicious/deceptive behavior. The malicious code looks dead in the latest version, but there are clones using similar or same code.

IDs to block:

{b384b75c-c978-4c4d-b3cf-62a82d8f8f12}
{b471eba0-dc87-495e-bb4f-dc02c8b1dc39}
{36f623de-750c-4498-a5d3-ac720e6bfea3}
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
The block has been staged. Jorge, can you please review and push?
Flags: needinfo?(jorge)
Reviewed and approved.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
Thanks. There is a fresh extension from a new developer that provides the same functionality: https://addons.mozilla.org/firefox/addon/google-translate-within-page/ Is it also malware or is it fine?