Beware Malicious Chrome Extensions!
HTML-код
- Опубликовано: 6 июл 2024
- Protect your browsing with Guardio, plus get a 20% discount every month for a year, with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
• Article About FakeGPT Malicious Extensions: labs.guard.io/fakegpt-2-open-...
Batch File for Removing Management Policies: support.google.com/chrome/thr...
(Note: If you use Windows 10 or 11 Pro, the batch file will probably erase all policy settings you've changed)
▼ Time Stamps: ▼
0:00 - Intro
1:12 - Where Do They Come From?
1:18 - Chrome Web Store
2:18 - A Very Excellent Thing
3:49 - Installed by Malware
5:59 - Side-Loaded
6:29 - Types of Malicious Extensions
8:31 - Ways to Avoid Them
9:09 - Web Store Badges
10:30 - Reviews and Extension Age
10:58 - Check the Website
11:51 - Chrome Enhanced Protection
12:48 - How to Remove Them
13:19 - Removing Management Policies
14:52 - Task Scheduler
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ 
Наука
I will never forget during the peak of lockdown, my college gave us a bunch of extensions to download. A student asked if there was an alternative to some of them since they didn't seem that secure. The DEAN responded that "you can't get a virus from a chrome extension"
It'a the beginning of the internet all over again.
@@GSFigure He does seem like the type to click the "You Won!!" pop-ups
Sounds quite technologically illiterate.
Now the DEAN is an idiot now is he.
Yeah like what
There have also been cases where a popular extension was sold to someone, and the buyer put subtle malware on it. It was "Unseen Facebook" or something like that.
Ooooh I had something like that happen. nanoBlock, which is a fork of uBlock Origin, had some neat things about it and I used it for a while. Then it was handed over to some suspicious Turkey dev (I think he was from Turkey, I can't recall) and some commits on the github seemed very suspicious and an issue was raised on the decrypted code. (it was committed as encrypted code) A big fuss occurred when this was caught... So, I went to uBlock Origin and never looked back since. The github no longer exists, it has long been deleted, but boy do I remember it though.
I had a start page extension on Firefox that was like that.
This is why we need browsers to actually implement the features we want so we don't even need plugins or extensions or addons or whatever name you want to use to refer to these things. They slow down your browsing experience and leave you less secure.
There's one called Island but it isn't free.
@@baoziinvasion I'd rather have one that's open source. Firefox is the closest to what I really want, but it's super bloated. And it desperately needs a built-in dark mode and ad blocker. Brave and Opera have those built-in, but they're Chromium based and that's a big no go in my book. People keep recommending Firefox forks like IceCat, but every one that I've used was inferior.
@@anon_y_mousse you want browsers to implement a bunch of features instead of having them as extensions, but you think firefox is bloated? 🤔
@@AltonV It seems like a contradiction until you realize how few features it actually implements.
@@youtube.user.1234 Apparently RUclips is deciding not to send alerts for every message, read what I wrote to Magnus, and consider what you're saying regarding the two features I mentioned which you're suggesting more extensions to fix, both of which I already have and only prove my point further. Disabling features at runtime isn't the same as removing bloat, since the bloat is still there. And no, I'm not going to setup the environment to compile Firefox from scratch myself, nor should I have to.
No need to worry cuz we got
Theo keeping us safe by raising awareness about them 😎
When you uninstall a malicious extension, make sure to check the "report abuse" button in the uninstaller window that pops up! This is probably the fastest way to get it removed from the store
mines not able to be removed please help
This video brings back memories of MS Internet Explorer being plagued with browser hijackers and web re-directors to weird search sites and malware sites that's why back then I switched to Netscape Navigator and still use its predecessor Firefox.
Thank you so much for helping all the people about these extensions!❤❤❤
imagine if Guardio extension itself starts doing nasty stuff in the background while protecting you from "other" malicious sources, that would be hilarious
The sponsor is a scam. Its over promising
@@monsterhunter445 rule of thumb for youtube: dont ever trust sponsorships, even if its from a legit verified trustworthy youtuber
This was very intresting, keep'em coming.
Really hope more people find your videos about malicious programs because I still have people tell me that as long as you don't click on ads you can't get a virus...
I've had the opposite happen to me lmao, I remember a friend of a friend who was very obnoxious and always wanted to talk to me about tech as I was the most tech skilled in our group (This was a group of friends that had a problem with concerting files lol) but this guy always acted like the best expert in IT and he used to claim all the time that unless you literally ran a .exe file as an administrator, you couldn't get a virus, hence why he always said that you couldn't get malware by clicking on ADs or by installing extensions.
Another awesome way is just don't go overboard with extensions (for example I have ublock origin and bitwarden only) I may add more as the need arises but just like ThioJoe said I vet them before hand and make sure they come from a trusted source that I've actually have heard of.
i always have to manually check the source code of the local files to ensure nothing fishy is going on... you know
Hmm 🤔
For me, It's complicated.
@@random_person618 which part is complicated?
@@ash_Psyyyy The complicated bit is:
• I don't do anything to check.
• I don't even use any extensions.
@@random_person618 my honest reaction to you're response: 💀
With task scheduler you can sometimes see the first date it got triggered which may be a good thing to look out for. Seems to not show on all tasks though.
Seeing this made me think immediately: Can you make an up-to-date video on the chrome extensions you use and what ones you recommend? I know you've done one before but it was a long time ago
Theo you are really helping us to use windows safely ❤
Good video Joe and I am lucky in that my Eset Smart Security I have on all my machines does have an anti bad extensions which blocks and/or deletes these wretched extensions.
I had to deal with people asking for my help because they somehow installed mallicious extensions that tagged all their friends on facebook and was speading like that. I ended up setting up a group policy to whitelist, block every extension from installing other than ublock origin.
Beware: Auditing the source doesn't help WHATSOEVER. I audited the most popular Cookie extension for Chrome. Totally clean code. Suddenly, it began sending all your cookies to the author, silently, in an update. It kept doing that for weeks until someone noticed and I received an alert that the extension had been disabled and removed from the store by Chrome.
Hopefully you logged out of all websites, cleared your cookies, and logged back into those sites. At least the sites that you allowed to remember your login credentials through cookies.
@@Slavolko Yeah, I did a "log out all sessions" at every important place. I was really shocked that Google didn't prevent this from being added to their platform. Since then I stopped using extensions. Oh and it happened in February this year, 2023.
@@MyAmazingUsername Google allowed it to be added because the extension was safe until January of this year. We assume it might've been sold off or the author decided to make it malicious.
But I understand how you feel. I became wary of extensions after that as well.
@@Slavolko True but I assumed that they had some kind of automatic scanner for malicious actions, like net connections etc.
There's a per-extension option to set which places it can run at by the way, which is helpful to limit the damage.
@@MyAmazingUsername I also assumed they had automatic processes for scanning the extensions, but it seems they don't.
Excellent info! Thanks!
ThioJoe saving the day ❤
there was one extension that i couldnt turn off its called "Mammalia". i couldnt find ANY info on it anywhere, i had to uninstall google chrome and reinstall it in order to remove it. does anyone know what mammalia is?
A good way to counter this (at least it would help the user keeping himself safer) would be to require the user to give the necessary permissions to addons. Like, if a theme based addon requires access to your keyboard inputs and cookies, it would already be pretty suspicious.
this is a really good idea.
and WHY ISN'T ENHANCED PROTECTION IS THE DEFAULT SETTING??
Can't you use tools like Bleachbit to clean up cookies cache etc to get rid of some of these.
Hi I have a question, how do I get rid of equusafricanusAsinus extension it says installed by administrator and I never installed it and it just popped up
can a extention play a sound in a tab, somthing happend like that to me
Would guardio
Help with the issues that will come from .zip links?
Computer expert warns against extension software. Computer expert then promotes an extension software.
Question - Why do I not get RUclips Notifications at times - too many times? All of my settings are correct. Although In my RUclips settings my Notification setting for Chrome keeps turning off - I don't believe this is the issue though. Thanks
i have my browser managed by some registry policys i put in, as i hate hunting for a setting if i accidently disable something, like bookbark bar or home button.
I once downloaded a "free" manager and I installed, it didn't work it just crashes instantly but what I didn't know was that it installed a "Google Docs" extension and each time I remove it chrome crashes and gets put back what it did was change my default search engine to a weird sketchy one
I'd be curious to know if this is as prevalent an issue on Firefox's extension "store".
A precursory glance and I only see one "sus" extension and it's mostly review bombed because it was bought by a company people don't like.
I've seen a Firefox extension that used an exploit to turn the add-ons page into a blank page.
This was a few years ago, but there was nothing else being downloaded.
So i have a Chrome extension named EquusAfricanusAsinus. I cant remove it or do anything with it because its a Admin. Any help?
One of the few things I do to all my systems is diable non-web store extensions from being installed. No local extensions allowed. It's been a while, but I have gotten alerts of something trying to install an extension in the past and failing. Half the battle right there.
I actually had a spyware extension (it was called gogaurdian) on my mac from when i accidentally turned on sync on chrome a few years ago(I don't go to that school anymore and the google account was completely deleted) and the extension had the remove button grayed out and the disable toggle grayed out as well , even after the google account was deleted I was still unable to remove it so hopefully this lets me finally delete it(even deleting the extension file in the chrome files did not remove it, and it only removed it's icon).
Keep up the good work Thio.. people need to be aware of these.. Google should have taken the hint by now.. or does Google want to kill extensions? Especially AdBlocks?
no..google actually pays AdBlock bc it makes sure the ppl seeing ads are those who don't mind, resulting in more clicks bc google only gets paid if the viewer clicks on the ad, not sees it
Some people are really hoping that you do one of your totally awesome videos about searchlab, I notice how you had the beaker on your Google Chrome browser. That thing just popped up out of nowhere
Is anything on github actually consider safe because it is open source? Or does anyone actually checking those codes?
Recently, I've been getting random extensions getting added to my chrome that all have to do with "web" "search" stuff. Please someone let me know if there's something to do with malware.
Do a Full PC Scan with HitmanPro 3 and Emsisoft, do a backup of important files first!
Damn that reminds me.. when I was 16 and using my dad's computer to download pr0n in the late 90s, I had to stealth-reinstall his windows multiple times due to viruses and adware fucking everything up.
I suggest to use AdwCleaner, RogueKiller and Zemana to remove anything malicious inside Chrome, included extensions.
Has FireFox had similar issues with extensions?
omg i keep randomly getting new tabs about sum random chatgpt crap how do i make it stop
I somehow got something like memz in chrome with tampermonkey, so i installed a css injector script to a game and when i opened site for 5th time buttons on it wasnt working and then there was something like morse code sounds, cursor was lagging so much and mouse clicks wasnt working, so i poemed task manager, it wasnt working, then i pressed ctrl+alt+delete and my screen was black, only language at top leff, so i shit it down with power button, and hopefully everything was working, and that was my old labtop, that i dont use much, who can explain me what is this?
is there a way to see how old an extension is? Like how long has it existed, how often are updated, when was the first version released?
Nope
This is another excellent, informative video. Keep 'em coming!
Can extensions be installed with drive-by attacks? How can we prevent those? If a webpage takes more than a second to load with a 400 Mbps connection, does that mean I've been infected with malware?
Also, if I see a command prompt window flash briefly on my screen when I restart Windows (after my desktop appears), does that mean I have an infection? I have Norton Antivirus, but this sort of thing makes me paranoid
A 400 Mbps connection usually means 400 Mbps max.
If you see a command prompt pop up as you start windows, especially after a crash. You need to investigate.
I recently uninstalled a nasty search app/extension that directed my searches to what were obviously a number of X-rated, adult porn sites, one of which was filled with photos of children. It took me several hours & a lot of failed attempts to uninstall it. I reported the site to my Internet Provider, but still haven't heard back from them, and I don't expect to( Spectrum). I use Edge, I'm still looking for a way to block these malicious extensions. Another one I had, a spell-checker & thesaurus would shut down my browser whenever I attempted to use it, causing me to have to restart my computer. I have to admit, most of the ones I use appear to be safe, but after watching this video, I'm beginning to wonder if they really are. I've gotten some of the best tips for new programs & computer fixes by watching Thio's videos, he should have many more subscribers than he has.
did you report that last website? there's official websites / places to report such sites.
report child ..... to your government
@@Xnoob545 Done.
It's most annoying when a good working extension turns bad, it gives sponsored results in Google search.
Its difficult to find what extension is doing it, In my case it was some volume booster app, the thing was chrome web store removed it for malicious reasons but DIDN'T INFORMED ME 'THE USER'
It happened one more time with another app but then I found it but disabling enabling
At starting I'm not sure whats going on until I understood.
I'm was not sus of extensions because I at that time didn't have any 3rd party extensions and thought Extensions would've not done any malicious stuff as they were approved by Google but its a loophole when Google removes them from webstore but they are still on devices and DID NOT WARN US wth
what if its administrator on my computer and is requiring a extension
Thank very much Sir good tips
hey whas happinin jojo, what i love about some of those extensions, is they make my browser, which is ummm T-Mobile? maybe it used to be Verizon, is that they make the browser REALLY long like many screens long.. so they DO WORK!
I never went too crazy with extensions. Right now i'm just using UBlock Origin and tampermokey for some scripts and that's all, i don't need anything else. Either way this is really good information to know. thanks for keeping us safe!
When I open one of my app. It says rooted device restrictions. My phone has never been rooted. Please let me know how to resolve this.
prob a dumb question but are bitdefender add-ons and 1password add-on safe ? considering its from two trusted companies i think it is but what are your thoughts on it ?
there is no reason to use bitdefender as a browser extension in 2023.
1password the extension itself should be fine
assuming the bitdefender extension is legit, it is "harmless" but not too useful these days. (I say "harmless" because you may be losing performance ever so slightly)
the real question is why are extensions given so much control over windows that they can use the task scheduler and stuff? should they not be strictly sandboxed to the current tab or at BEST the browser app as a whole?
A virus is downloaded outside of chrome and installs the extension to chrome and sets all the other stuff
Just a few days ago i got a notification from chrome that one of my Extensions could be malicious.
@@shimaphys no, it was some audio control thing
what if someone copy's guardio and google deletes the real one?
bro idk why but if i wanna download a extensions like shoop or what ever i dont get to the right site it opens a dragon .... extensions everytime
Ok.
**Opens Firefox**
11:33 Yeah I noticed those fake Chat GPT ads even here on RUclips.
And the tv dongles ads WDF ARE THESE SCAMS
it's really dumb how extensions permissions are not specific, and many extensions require access to all data on all websites, even if they just want to bookmark images you click ( browsers should only give them access to that image when you click it for example, or only access to the text you highlight and right click ... )
This is why we shouldn't use these things in the first place. The browser should just have certain features built-in, it'd be faster and safer. This is really making me want to write my own browser, if only I had the time.
Good day Just saw your tweet. Take some rest.
Good to know. Thank you.
I only have 3 extensions but if I do need to download one I always research it first.
i've used the chrome as managed by organisation in fedora 38 , not able to change it
when going to download something always check to see if the site is labeled as an ad/promoted. they are often fake sites.
Unfortunately, Google seems to be heading down the M$ path. Folks support Firefox instead and use ublock as an add-on.
ok
@@Rex2k10 Disagree. Still supported on Windows 7, both M$ and G$ggle have no supported browser on Windows 7 is a good example.
@@elliskaranikolaou2550 - so you care about security, yet not for your operation system 😂
Having support for Win7 isn't a feature ROFL
@@johncoops6897 I agree, but your English isn't great.
@@elliskaranikolaou2550 No one should be using EoL operating systems. Security updates are important. If you hate Microsoft that much why don't you use Linux?
Why does an extension has access to system being able to create scheduled tasks and edit the registry? Why would an extension need such access!?
I got Dark Reader (for those bright websites), DuckDuckGo Privacy Essentials, Return RUclips Dislike, Stylus, Tampermonkey (Just to make youtube a little faster with some scripts I checked), uBlock Origin, and nightTab because i've used it for a year and can't see any problem listed.
This video made me check my Chrome extensions and it turns out I still have an extension installed that got removed from the Chrome Web Store.
I had one pop up yesterday as removed the chrome web store and now I’m trying to figure out what to do. Crazy!
Thanks for the noticing us mate
What is the best anti-phishing extension for Google Chrome?
We use Malwarebytes Browser Guard & it's free. It also serves as our ad block extension.
I have it pushed out to all of our staff & faculty accounts, and Student Google accounts more then 700 devices we have this installed on
*y o u r m o m*
Congrats on 3m subs
Is it Chrome for Windows that is at risk, or could it also be e.g. ChromeOS on a Chromebook?
Since most of these are going to be keyloggers amd cookie stealers, it's an issue if it gets installed. However, something needs to give you the prompt to install since malware for ChromeOS isn't made often.
Rich people: we have bodyguard😎
Actual bodyguard: ThioJoe
Why didn't you mention the risk coming from modified lnk files invoking chrome with extension in command line ? Last days I had a warning message from my bank about this threat... Anyway your videos are always useful and informative, thank you
Hadn’t heard about it. Also I can’t cover every single thing in every video
@@ThioJoe Of course, a video cannot cover any possible thing.. neither a serie sometime can do that... My bank described it as "LNK Between Browsers" and googling it there is an article on mandiant site describing in detail this threat, it is interesting because the user is not aware of using an extension at all. May be an idea for other video about chrome and other browsers using the same engine..
I once installed the ultimate tab suspender but it ended up adding advertisements to my google searches
Hi Thio, Theo here, could you do a show for senior citizens and really old people? Thank you,
Very informative
You haven't finished the video yet...
@blunderingfool but who asked
My friend had the Micro Search engine and we did crazy things to remove it. Tried deleting the chrome program files, it's registry entries, and everything. We finally got rid of it but it came right back the next day. So we just ended up erasing the computer lol.
Malwarebytes Extension does pretty much the same tho? And its completely free
Imagine theres a malicious extension for Guardio itself!
can you recommend browsers safer than chrome?
Yeah but why can't windows see it I scanned the file 4 times with two different apps
Why do you call virus to all malware?
I do remember dark reader mentioning that there was a copycat and to because a long while ago
4:40 Sounds like Web Root! Over a year later, I'm Still cleaning out sticky traces of that *Security & Protection* program. Never again!
Why do you look like an Elf? 😜
Thanks Theo for the video.. Not many youtubers are spreading such awareness.. 👍👍
I don't have and never have had any extensions on any browser. Why does anyone needs extensions to look at a web page?
Idunno
ooo im early :D (15 mins after release)
thanks.
I prefer Edge anyway. The search results aren't as accurate but the browser is four times faster
Use tor
Use tor
Edge is pretty good but you still have to be cautious about these extensions as it is Chromium based
Edge has same speed as Chromium if not less, which is slightly less than Chrome.
Also the extensions can also make their way still.
Edge is basically Chrome now anyway.
and it dos not hav to do with anye ads that may pop up wen you usis your home computor aka pc witch is as uot datadid as you maybe
are you like regular joe but with one of your oxygens replaced by a sulfur?
Best protection: Uninstall Google Chrome
how come google would let number of users be able to be faked? That seems like it should be completely an internally controlled value. Same with some of the badge markers.
Ridiculous!
It's like they put out the ability to have the extension store but then drag there asses to make sure it is safe and extensions are properly vetted.
Perhaps they need to require source code submissions and then Google compiles and loads them onto the store after looking at the source code.
Glad I only use like 2 extensions.
There was a annoying thing on the web store called dragon lovers
yeah now there is something like dragon angel that is the same ig
I saw the lack of seriousness on the Chrome Webstore many years ago, and I don't install extensions anymore. They always give me a bad vibe.
Trusting google with anything is a worry, better to use another browser..