Malware in the browser: how you might get hacked by a Chrome extension
Tags
attack-pattern: Data Model Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Browser Extensions - T1176 Third-Party Software - T1072
Show in Graph
Common Information
Type Value
UUID b4b17216-6e21-4ac5-a561-0f44cc58d9c0
Fingerprint 9c00b807a89504bf
Analysis status DONE
Considered CTI value 0
Text language
Published July 18, 2016, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 18, 2024, 2:36 a.m.
Headline OUTPUT
Title Malware in the browser: how you might get hacked by a Chrome extension
Detected Hints/Tags/Attributes 62/1/21
Source URLs
Redirection Url
Details Source https://kjaer.io/extension-malware/
URL Provider
Details Provider Source level domain
Details kjaer.io kjaer.io
Attributes
Details Type #Events CTI Value
Details Domain 1 
viralands.com
Details Domain 28 
date.now
Details Domain 49 
xhr.open
Details Domain 2 
chrome.runtime.id
Details Domain 1 
map.call
Details Domain 12 
chrome.storage
Details Domain 5 
data.id
Details File 86 
manifest.json
Details File 1 
query-string.js
Details File 4 
install.js
Details File 40 
background.js
Details File 365 
console.log
Details File 1 
external.js
Details File 2 
login_success.html
Details IPv4 1 
159.203.99.206
Details Url 1 
http://159.203.99.206/api/get
Details Url 1 
http://159.203.99.206/api/status
Details Url 1 
https://www.facebook.com/dialog/oauth?redirect_uri=http://www.facebook.com/connect/login_success.html&scope=email,publish_actions,user_about_me,user_actions.books,user_actions.music,user_actions.news,user_actions.video,user_activities,user_birthday,user_education_history,user_events,user_games_activity,user_groups,user_hometown,user_interests,user_likes,user_location,user_notes,user_photos,user_questions,user_relationship_details,user_relationships,user_religion_politics,user_status,user_subscriptions,user_videos,user_website,user_work_history,friends_about_me,friends_actions.books,friends_actions.music,friends_actions.news,friends_actions.video
Details Url 1 
http://159.203.99.206/api/gettoken
Details Url 1 
https://www.facebook.com/dialog/oauth?redirect_uri=http://www.facebook.com/connect/login_success.html
Details Url 1 
http://159.203.99.206/api/gettoken2