Closed Bug 1601546 Opened 3 years ago Closed 3 years ago

Extension Block Request: Free Online Video Downloader – use of www.onlinevideoconverter.com services

Categories

(Toolkit :: Blocklist Policy Requests, task)

task
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: grahamperrin, Assigned: TheOne)

Details

Attachments

(3 files)

Extension name Free Online Video Downloader – use of www.onlinevideoconverter.com services
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

Use of the service at this address:

hxxps://www.onlinevideoconverter.com/en/youtube-converter

– led to a site with malicious intent, after a supposed error during conversion.

As far as I can tell, the extension relies upon services at www.onlinevideoconverter.com

www.onlinevideoconverter.com is already blocked by Malwarebytes Browser Guard

because it may contain pup activity.

Extension IDs

{98222415-4241-4b89-b81d-651c1a872881}

Additional Information

Outline

I pasted:

hxxps://www.youtube.com/watch?v=lhWbo135Efc

– into the field at

hxxps://www.onlinevideoconverter.com/en/youtube-converter

Some time after clicking START:

Oops! An error has occurred, please try converting again.

BACK HOME

I clicked BACK HOME

hxxps://opgolan.com/?rb=Omi-kDfi3SRDBuPq6ivl8WAS3SIeSsyWZ6-wG8enAC89zdREOm4dsOhAccPq_e0QTKQe1lvlv_kctUNsrtCTkJA84Ey112dAakUtrSG7dLAES3YQ2m7c5jqLKqLuGn88pFNd0HDQ1wNFxah9YHio30YmVH50kVZrAPFBgpqLc8ybOX8lqxXSMLfNs_HQ9EV4j7ni-OnZnag6TK4VVRDzObvRpWYLVq6JiAcWLjIfoQ97wJRQhW9oT9izZBO7JQ2Z&zoneid=2790855&fs=1&cf=1&sw=1920&sh=1080&sah=1080&wx=172&wy=0&ww=1748&wh=1057&cw=1748&wiw=1748&wih=956&wfc=2&pl=https%3A%2F%2Fwww.onlinevideoconverter.com%2Fen%2Fyoutube-converter&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1

redirect

hxxps://opgolan.com/afu.php?zoneid=1407888&var=2790855

hxxp://bitcoinnewstoday.me/uk/news/?_subid=3cjepc2gb5f93se&_token=uuid_3cjepc2gb5f93se_3cjepc2gb5f93se5de88c34bb4d18.86966532

In the status bar:

waiting for trackout.business…

hxxp://bitcoinnewstoday.me/uk/news/?_subid=3cjepc2gb5f93se&_token=uuid_3cjepc2gb5f93se_3cjepc2gb5f93se5de88c34bb4d18.86966532#

Major

fakery, with an appearance resembling the Mirror online

Student Reveals How He Earns More Than £40,000 Every Month Working From Home

– comparable to bug 1598242 comment 0

Screen recording

Available on request.

The full recording 2019-12-05 04:31.mp4 is thirty-six minutes long, 87.1 MiB, I imagine that you'll want only the short section where use of hxxps://www.onlinevideoconverter.com/en/youtube-converter leads directly to the fake page.

Side note: another spin-off from the full recording is theconversionpros.com - Newest IP or URL Threats - Malwarebytes Forums

AMO URLs

https://addons.mozilla.org/en-GB/firefox/addon/online-video-downloader/

https://addons.mozilla.org/en-GB/firefox/addon/online-video-downloader/versions/

https://addons.mozilla.org/en-GB/firefox/user/4835094/
https://addons.mozilla.org/en-GB/firefox/user/4835094/?page_e=2

GRoblin

The click on BACK HOME

Unexpected new tab with opgolan.com content.

There was no good reason for the offending site to open a new tab when I simply aimed to go back.

Malicious (fake) bitcoinnewstoday.me content loading in the unexpected new tab.

This add-on violates Mozilla's add-on policies by facilitating access to malicious web content and software.

Assignee: nobody → awagner
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

The block has been pushed.

Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.