Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malvertising - T1583.008 Search Engines - T1593.002 Browser Extensions - T1176 |
Common Information
| Type | Value |
|---|---|
| UUID | 4c923f66-49a8-4a81-9d40-77fce8c026d5 |
| Fingerprint | 10009aa300840f78 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 30, 2021, 1:06 p.m. |
| Added to db | Dec. 21, 2022, 4:43 p.m. |
| Last updated | Nov. 17, 2024, 9:55 a.m. |
| Headline | Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising |
| Title | Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising |
| Detected Hints/Tags/Attributes | 33/2/54 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 29 | ✔ | Confiant - Medium | https://blog.confiant.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | clients2.google.com |
|
| Details | Domain | 2 | chrome.runtime.id |
|
| Details | Domain | 1 | fxsmash.xyz |
|
| Details | Domain | 1 | tabit.id |
|
| Details | Domain | 1 | oo.co |
|
| Details | Domain | 1 | mages.se |
|
| Details | Domain | 1 | mkkq.xyz |
|
| Details | Domain | 1 | nowinstall.xyz |
|
| Details | Domain | 1 | skiss.xyz |
|
| Details | Domain | 1 | umxs.xyz |
|
| Details | Domain | 1 | byyr.xyz |
|
| Details | Domain | 1 | fxsmash.com |
|
| Details | Domain | 6 | developer.chrome.com |
|
| Details | File | 86 | manifest.json |
|
| Details | File | 2 | color.js |
|
| Details | File | 3 | 128.png |
|
| Details | File | 3 | popup.html |
|
| Details | File | 2 | computed_hashes.json |
|
| Details | File | 2 | verified_contents.json |
|
| Details | File | 1 | popup.css |
|
| Details | File | 4 | popup.js |
|
| Details | File | 1 | artistic.js |
|
| Details | File | 1 | bluish.js |
|
| Details | File | 1 | comic.js |
|
| Details | File | 1 | css3.js |
|
| Details | File | 1 | drawing.js |
|
| Details | File | 1 | favorite.js |
|
| Details | File | 2 | game.js |
|
| Details | File | 1 | hues.js |
|
| Details | File | 1 | large.js |
|
| Details | File | 1 | material.js |
|
| Details | File | 1 | monitor.js |
|
| Details | File | 1 | notify.js |
|
| Details | File | 1 | popular.js |
|
| Details | File | 1 | rainbow.js |
|
| Details | File | 2 | random.js |
|
| Details | File | 1 | safe.js |
|
| Details | File | 1 | spectrum.js |
|
| Details | File | 1 | ui.js |
|
| Details | File | 1 | mnc.php |
|
| Details | File | 13 | chrome.tab |
|
| Details | File | 1 | chrinstall.php |
|
| Details | File | 1 | tu.inc |
|
| Details | File | 1 | tabit.url |
|
| Details | File | 1 | indextwo.html |
|
| Details | Url | 2 | https://clients2.google.com/service/update2/crx |
|
| Details | Url | 1 | https://fxsmash.xyz/mnc.php?q= |
|
| Details | Url | 1 | https://fxsmash.xyz/chrinstall.php |
|
| Details | Url | 1 | https://mkkq.xyz/new/pr/continue/indextwo.html |
|
| Details | Url | 1 | https://nowinstall.xyz/new/pr/continue/indextwo.html |
|
| Details | Url | 1 | https://skiss.xyz/new/pr/continue/indextwo.html |
|
| Details | Url | 1 | https://umxs.xyz/new/pr/continue/indextwo.html |
|
| Details | Url | 1 | https://byyr.xyz/new/pr/continue/indextwo.html |
|
| Details | Url | 1 | https://developer.chrome.com/docs/webstore/program_policies |