Extension Block Request: Some key loggers and fake anti-virus/VPN
Categories
(Toolkit :: Blocklist Policy Requests, task)
Tracking
()
People
(Reporter: robwu, Assigned: Fallen)
Details
| Extension name | Some key loggers and fake anti-virus/VPN |
| Extension versions affected | <all versions> |
| Platforms affected | <all platforms> |
| Block severity | hard |
Reason
Collecting ancillary user data against our policies.
Extension IDs
{992e4d3d-f56b-4f71-b826-0dd976681228}
{d7ef08b6-ef77-43b6-ad60-74ea67495674}
{78a02646-2bf6-417e-9498-32f29a4ef89a}
{c516baf9-a911-453e-be0e-26389cfb33ac}
{a669b31a-3a2b-4c75-838c-a8542f77c79f}
{87ea875a-396a-4c7b-b202-cecd5a4fe0d4}
{63d83b36-a85c-4b51-8f68-8eb6c0ea6922}
{fb182266-3336-4dcb-8898-859affe73e7f}
{af35bf73-7d25-4286-9be6-fa822818ac82}
{5d4c1f36-196d-4e9a-909b-8ad138546f79}
{7bdac7a1-be1d-4ecd-8cf1-a1db64adfaaf}
Additional Information
Fake flash with keylogger:
{992e4d3d-f56b-4f71-b826-0dd976681228}
{d7ef08b6-ef77-43b6-ad60-74ea67495674}
"Age Verify online", key logger similar to bug 1549214
{78a02646-2bf6-417e-9498-32f29a4ef89a}
Keyloggers, similar to bug 1553857:
{c516baf9-a911-453e-be0e-26389cfb33ac} "Cookie BG Picker"
{a669b31a-3a2b-4c75-838c-a8542f77c79f} "Dynamic theme view"
{87ea875a-396a-4c7b-b202-cecd5a4fe0d4} "Easy Screenshot"
{fb182266-3336-4dcb-8898-859affe73e7f} "ScreenshotEasy"
More key loggers, like bug 1553857 but with a different signature:
{63d83b36-a85c-4b51-8f68-8eb6c0ea6922} "Anti-malware pro"
{af35bf73-7d25-4286-9be6-fa822818ac82} "Anti-malware pro"
Fake antivirus and fake VPN (RCE in js/Background.js which is loaded as a content script):
{5d4c1f36-196d-4e9a-909b-8ad138546f79}
{7bdac7a1-be1d-4ecd-8cf1-a1db64adfaaf}
|
Assignee | |
Comment 1•5 years ago
|
||
I’ve reviewed the add-on and confirmed that it is executing remote code.
|
|
Assignee | |
Comment 2•5 years ago
•
|
||
Expanding this to all add-ons not yet blocked from involved users :
spp@avast.com
{056790bb-9676-40fb-845a-feae6dedfbee}
{15d51e39-3ccf-4ce2-a434-dbbf1785e867}
{2bbdf86f-3c6b-48d6-9934-9051ce5f5976}
{2f6d1519-33b5-4970-a7ec-561f5e067ba0}
{2fd10339-a9db-4846-bdd7-ee41cea97312}
{31390faf-ef95-4f4b-a1a4-3c3a09dd7b5a}
{411bfbf9-646d-401c-b87d-e77d812a68ce}
{44e4b2cf-77ba-4f76-aca7-f3fcbc2dda2f}
{5422d0cd-3b45-4fcd-9886-463be7e1a05f}
{5ae5a1f8-a994-4e61-8c99-54a9fe58a9c4}
{5d4c1f36-196d-4e9a-909b-8ad138546f79}
{7150cd87-1b5f-41ea-b659-5cae4b753e2d}
{78a02646-2bf6-417e-9498-32f29a4ef89a}
{7bdac7a1-be1d-4ecd-8cf1-a1db64adfaaf}
{80686e70-c06a-4ab3-b7bf-fd4c05985c1b}
{83830f14-c5d0-4546-af99-cbaba3ab832d}
{869a5e06-732e-4635-8da3-90a2802f9c80}
{87ea875a-396a-4c7b-b202-cecd5a4fe0d4}
{94847025-c5a9-4dd7-83df-54c17b79eeb8}
{992e4d3d-f56b-4f71-b826-0dd976681228}
{a259d36e-9c24-4216-8b28-d3e83c07a832}
{a669b31a-3a2b-4c75-838c-a8542f77c79f}
{af35bf73-7d25-4286-9be6-fa822818ac82}
{b01f0319-b398-4a6e-b9c9-e59e2d99eee7}
{c516baf9-a911-453e-be0e-26389cfb33ac}
{c88fc74d-31b5-40d4-bb8a-008f2d7a1ea0}
{ca6b87f3-2d8b-49ea-9627-95e900c5f108}
{cdc01730-6108-4581-b5da-36f7fa8e3d2e}
{cfbbd54d-26dd-4f20-b0c9-26b2d920bc04}
{d384c2ef-9e42-4dfa-bba5-73b9b6ad2e61}
{d7ef08b6-ef77-43b6-ad60-74ea67495674}
{dec788dd-9a21-416d-91c7-bf79250cab04}
{fb182266-3336-4dcb-8898-859affe73e7f}
{fe17e98b-1ed8-45fe-a6e5-8280902d2500}
{febfdee8-5724-4aea-8b70-6be9e22248fc}
{ff471567-6ff5-48d9-8db6-d2c9134f0aed}
(Update: added a few more and changed the kinto entry)
|
|
Assignee | |
Comment 3•5 years ago
|
||
The block has been staged. Stuart, can you review and push?
|
||
Comment 4•5 years ago
|
||
{63d83b36-a85c-4b51-8f68-8eb6c0ea6922} from the list of guids in the original report isn't matched.
|
|
||
Comment 5•5 years ago
|
||
The guid in comment 4 was covered in a different bug. Approved and pushed
|
|
Assignee | |
Updated•5 years ago
|
Description
•