Beware Malicious Chrome Extensions!
Ғылым және технология
Protect your browsing with Guardio, plus get a 20% discount every month for a year, with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
• Article About FakeGPT Malicious Extensions: labs.guard.io/fakegpt-2-open-...
Batch File for Removing Management Policies: support.google.com/chrome/thr...
(Note: If you use Windows 10 or 11 Pro, the batch file will probably erase all policy settings you've changed)
▼ Time Stamps: ▼
0:00 - Intro
1:12 - Where Do They Come From?
1:18 - Chrome Web Store
2:18 - A Very Excellent Thing
3:49 - Installed by Malware
5:59 - Side-Loaded
6:29 - Types of Malicious Extensions
8:31 - Ways to Avoid Them
9:09 - Web Store Badges
10:30 - Reviews and Extension Age
10:58 - Check the Website
11:51 - Chrome Enhanced Protection
12:48 - How to Remove Them
13:19 - Removing Management Policies
14:52 - Task Scheduler
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Пікірлер: 368
I will never forget during the peak of lockdown, my college gave us a bunch of extensions to download. A student asked if there was an alternative to some of them since they didn't seem that secure. The DEAN responded that "you can't get a virus from a chrome extension"
@GSFigure
Жыл бұрын
It'a the beginning of the internet all over again.
@OpulentPomegranate
Жыл бұрын
@@GSFigure He does seem like the type to click the "You Won!!" pop-ups
@keit99
Жыл бұрын
Sounds quite technologically illiterate.
@UmVtCg
Жыл бұрын
Now the DEAN is an idiot now is he.
@DaMusicBoi
Жыл бұрын
Yeah like what
There have also been cases where a popular extension was sold to someone, and the buyer put subtle malware on it. It was "Unseen Facebook" or something like that.
@TwinShadow_Fox
Жыл бұрын
Ooooh I had something like that happen. nanoBlock, which is a fork of uBlock Origin, had some neat things about it and I used it for a while. Then it was handed over to some suspicious Turkey dev (I think he was from Turkey, I can't recall) and some commits on the github seemed very suspicious and an issue was raised on the decrypted code. (it was committed as encrypted code) A big fuss occurred when this was caught... So, I went to uBlock Origin and never looked back since. The github no longer exists, it has long been deleted, but boy do I remember it though.
@CoasterMan13Official
10 ай бұрын
I had a start page extension on Firefox that was like that.
This is why we need browsers to actually implement the features we want so we don't even need plugins or extensions or addons or whatever name you want to use to refer to these things. They slow down your browsing experience and leave you less secure.
@baoziinvasion
Жыл бұрын
There's one called Island but it isn't free.
@anon_y_mousse
Жыл бұрын
@@baoziinvasion I'd rather have one that's open source. Firefox is the closest to what I really want, but it's super bloated. And it desperately needs a built-in dark mode and ad blocker. Brave and Opera have those built-in, but they're Chromium based and that's a big no go in my book. People keep recommending Firefox forks like IceCat, but every one that I've used was inferior.
@AltonV
Жыл бұрын
@@anon_y_mousse you want browsers to implement a bunch of features instead of having them as extensions, but you think firefox is bloated? 🤔
@anon_y_mousse
Жыл бұрын
@@AltonV It seems like a contradiction until you realize how few features it actually implements.
@anon_y_mousse
Жыл бұрын
@@youtube.user.1234 Apparently KZread is deciding not to send alerts for every message, read what I wrote to Magnus, and consider what you're saying regarding the two features I mentioned which you're suggesting more extensions to fix, both of which I already have and only prove my point further. Disabling features at runtime isn't the same as removing bloat, since the bloat is still there. And no, I'm not going to setup the environment to compile Firefox from scratch myself, nor should I have to.
When you uninstall a malicious extension, make sure to check the "report abuse" button in the uninstaller window that pops up! This is probably the fastest way to get it removed from the store
No need to worry cuz we got Theo keeping us safe by raising awareness about them 😎
This video brings back memories of MS Internet Explorer being plagued with browser hijackers and web re-directors to weird search sites and malware sites that's why back then I switched to Netscape Navigator and still use its predecessor Firefox.
Thank you so much for helping all the people about these extensions!❤❤❤
imagine if Guardio extension itself starts doing nasty stuff in the background while protecting you from "other" malicious sources, that would be hilarious
@monsterhunter445
Жыл бұрын
The sponsor is a scam. Its over promising
@Xnoob545
Жыл бұрын
@@monsterhunter445 rule of thumb for youtube: dont ever trust sponsorships, even if its from a legit verified trustworthy youtuber
This was very intresting, keep'em coming.
Really hope more people find your videos about malicious programs because I still have people tell me that as long as you don't click on ads you can't get a virus...
@lampionmancz
Жыл бұрын
I've had the opposite happen to me lmao, I remember a friend of a friend who was very obnoxious and always wanted to talk to me about tech as I was the most tech skilled in our group (This was a group of friends that had a problem with concerting files lol) but this guy always acted like the best expert in IT and he used to claim all the time that unless you literally ran a .exe file as an administrator, you couldn't get a virus, hence why he always said that you couldn't get malware by clicking on ADs or by installing extensions.
i always have to manually check the source code of the local files to ensure nothing fishy is going on... you know
@Kaedahara
Жыл бұрын
Hmm 🤔
@random_person618
Жыл бұрын
For me, It's complicated.
@ash_Psyyyy
Жыл бұрын
@@random_person618 which part is complicated?
@random_person618
Жыл бұрын
@@ash_Psyyyy The complicated bit is: • I don't do anything to check. • I don't even use any extensions.
@ash_Psyyyy
Жыл бұрын
@@random_person618 my honest reaction to you're response: 💀
Another awesome way is just don't go overboard with extensions (for example I have ublock origin and bitwarden only) I may add more as the need arises but just like ThioJoe said I vet them before hand and make sure they come from a trusted source that I've actually have heard of.
Theo you are really helping us to use windows safely ❤
Seeing this made me think immediately: Can you make an up-to-date video on the chrome extensions you use and what ones you recommend? I know you've done one before but it was a long time ago
ThioJoe saving the day ❤
Excellent info! Thanks!
Good video Joe and I am lucky in that my Eset Smart Security I have on all my machines does have an anti bad extensions which blocks and/or deletes these wretched extensions.
Computer expert warns against extension software. Computer expert then promotes an extension software.
Keep up the good work Thio.. people need to be aware of these.. Google should have taken the hint by now.. or does Google want to kill extensions? Especially AdBlocks?
@thatdesiguy0
Жыл бұрын
no..google actually pays AdBlock bc it makes sure the ppl seeing ads are those who don't mind, resulting in more clicks bc google only gets paid if the viewer clicks on the ad, not sees it
Beware: Auditing the source doesn't help WHATSOEVER. I audited the most popular Cookie extension for Chrome. Totally clean code. Suddenly, it began sending all your cookies to the author, silently, in an update. It kept doing that for weeks until someone noticed and I received an alert that the extension had been disabled and removed from the store by Chrome.
@Slavolko
Жыл бұрын
Hopefully you logged out of all websites, cleared your cookies, and logged back into those sites. At least the sites that you allowed to remember your login credentials through cookies.
@MyAmazingUsername
Жыл бұрын
@@Slavolko Yeah, I did a "log out all sessions" at every important place. I was really shocked that Google didn't prevent this from being added to their platform. Since then I stopped using extensions. Oh and it happened in February this year, 2023.
@Slavolko
Жыл бұрын
@@MyAmazingUsername Google allowed it to be added because the extension was safe until January of this year. We assume it might've been sold off or the author decided to make it malicious. But I understand how you feel. I became wary of extensions after that as well.
@MyAmazingUsername
Жыл бұрын
@@Slavolko True but I assumed that they had some kind of automatic scanner for malicious actions, like net connections etc. There's a per-extension option to set which places it can run at by the way, which is helpful to limit the damage.
@Slavolko
Жыл бұрын
@@MyAmazingUsername I also assumed they had automatic processes for scanning the extensions, but it seems they don't.
A good way to counter this (at least it would help the user keeping himself safer) would be to require the user to give the necessary permissions to addons. Like, if a theme based addon requires access to your keyboard inputs and cookies, it would already be pretty suspicious.
@vilmoswinkler3050
Жыл бұрын
this is a really good idea. and WHY ISN'T ENHANCED PROTECTION IS THE DEFAULT SETTING??
I recently uninstalled a nasty search app/extension that directed my searches to what were obviously a number of X-rated, adult porn sites, one of which was filled with photos of children. It took me several hours & a lot of failed attempts to uninstall it. I reported the site to my Internet Provider, but still haven't heard back from them, and I don't expect to( Spectrum). I use Edge, I'm still looking for a way to block these malicious extensions. Another one I had, a spell-checker & thesaurus would shut down my browser whenever I attempted to use it, causing me to have to restart my computer. I have to admit, most of the ones I use appear to be safe, but after watching this video, I'm beginning to wonder if they really are. I've gotten some of the best tips for new programs & computer fixes by watching Thio's videos, he should have many more subscribers than he has.
@liquidmagma0
Жыл бұрын
did you report that last website? there's official websites / places to report such sites.
@Xnoob545
Жыл бұрын
report child ..... to your government
@incomitatus
Жыл бұрын
@@Xnoob545 Done.
hey whas happinin jojo, what i love about some of those extensions, is they make my browser, which is ummm T-Mobile? maybe it used to be Verizon, is that they make the browser REALLY long like many screens long.. so they DO WORK!
Damn that reminds me.. when I was 16 and using my dad's computer to download pr0n in the late 90s, I had to stealth-reinstall his windows multiple times due to viruses and adware fucking everything up.
With task scheduler you can sometimes see the first date it got triggered which may be a good thing to look out for. Seems to not show on all tasks though.
Some people are really hoping that you do one of your totally awesome videos about searchlab, I notice how you had the beaker on your Google Chrome browser. That thing just popped up out of nowhere
Congrats on 3m subs
I suggest to use AdwCleaner, RogueKiller and Zemana to remove anything malicious inside Chrome, included extensions.
11:33 Yeah I noticed those fake Chat GPT ads even here on KZread.
I never went too crazy with extensions. Right now i'm just using UBlock Origin and tampermokey for some scripts and that's all, i don't need anything else. Either way this is really good information to know. thanks for keeping us safe!
Thanks for the noticing us mate
Thank very much Sir good tips
Good day Just saw your tweet. Take some rest.
Just a few days ago i got a notification from chrome that one of my Extensions could be malicious.
@mauznemo
Жыл бұрын
@@shimaphys no, it was some audio control thing
Ok. **Opens Firefox**
ooo im early :D (15 mins after release)
Very informative
@blunderingfool
Жыл бұрын
You haven't finished the video yet...
@hackercrafter53
Жыл бұрын
@blunderingfool but who asked
I actually had a spyware extension (it was called gogaurdian) on my mac from when i accidentally turned on sync on chrome a few years ago(I don't go to that school anymore and the google account was completely deleted) and the extension had the remove button grayed out and the disable toggle grayed out as well , even after the google account was deleted I was still unable to remove it so hopefully this lets me finally delete it(even deleting the extension file in the chrome files did not remove it, and it only removed it's icon).
I had to deal with people asking for my help because they somehow installed mallicious extensions that tagged all their friends on facebook and was speading like that. I ended up setting up a group policy to whitelist, block every extension from installing other than ublock origin.
Hi I have a question, how do I get rid of equusafricanusAsinus extension it says installed by administrator and I never installed it and it just popped up
Question - Why do I not get KZread Notifications at times - too many times? All of my settings are correct. Although In my KZread settings my Notification setting for Chrome keeps turning off - I don't believe this is the issue though. Thanks
Why didn't you mention the risk coming from modified lnk files invoking chrome with extension in command line ? Last days I had a warning message from my bank about this threat... Anyway your videos are always useful and informative, thank you
@ThioJoe
Жыл бұрын
Hadn’t heard about it. Also I can’t cover every single thing in every video
@playmangostingiu2217
Жыл бұрын
@@ThioJoe Of course, a video cannot cover any possible thing.. neither a serie sometime can do that... My bank described it as "LNK Between Browsers" and googling it there is an article on mandiant site describing in detail this threat, it is interesting because the user is not aware of using an extension at all. May be an idea for other video about chrome and other browsers using the same engine..
Good to know. Thank you.
This is another excellent, informative video. Keep 'em coming! Can extensions be installed with drive-by attacks? How can we prevent those? If a webpage takes more than a second to load with a 400 Mbps connection, does that mean I've been infected with malware? Also, if I see a command prompt window flash briefly on my screen when I restart Windows (after my desktop appears), does that mean I have an infection? I have Norton Antivirus, but this sort of thing makes me paranoid
@superJK92
Жыл бұрын
A 400 Mbps connection usually means 400 Mbps max.
@randino2030
4 ай бұрын
If you see a command prompt pop up as you start windows, especially after a crash. You need to investigate.
the real question is why are extensions given so much control over windows that they can use the task scheduler and stuff? should they not be strictly sandboxed to the current tab or at BEST the browser app as a whole?
@ThioJoe
Жыл бұрын
A virus is downloaded outside of chrome and installs the extension to chrome and sets all the other stuff
I once downloaded a "free" manager and I installed, it didn't work it just crashes instantly but what I didn't know was that it installed a "Google Docs" extension and each time I remove it chrome crashes and gets put back what it did was change my default search engine to a weird sketchy one
Unfortunately, Google seems to be heading down the M$ path. Folks support Firefox instead and use ublock as an add-on.
@anotheryoutubeaccount5259
Жыл бұрын
ok
@elliskaranikolaou2550
Жыл бұрын
@@Rex2k10 Disagree. Still supported on Windows 7, both M$ and G$ggle have no supported browser on Windows 7 is a good example.
@johncoops6897
Жыл бұрын
@@elliskaranikolaou2550 - so you care about security, yet not for your operation system 😂 Having support for Win7 isn't a feature ROFL
@Xnoob545
Жыл бұрын
@@johncoops6897 I agree, but your English isn't great.
@Xnoob545
Жыл бұрын
@@elliskaranikolaou2550 No one should be using EoL operating systems. Security updates are important. If you hate Microsoft that much why don't you use Linux?
I'd be curious to know if this is as prevalent an issue on Firefox's extension "store". A precursory glance and I only see one "sus" extension and it's mostly review bombed because it was bought by a company people don't like.
So i have a Chrome extension named EquusAfricanusAsinus. I cant remove it or do anything with it because its a Admin. Any help?
Recently, I've been getting random extensions getting added to my chrome that all have to do with "web" "search" stuff. Please someone let me know if there's something to do with malware.
@Diego-1
9 ай бұрын
Do a Full PC Scan with HitmanPro 3 and Emsisoft, do a backup of important files first!
I only have 3 extensions but if I do need to download one I always research it first.
Hi Thio, Theo here, could you do a show for senior citizens and really old people? Thank you,
4:40 Sounds like Web Root! Over a year later, I'm Still cleaning out sticky traces of that *Security & Protection* program. Never again!
when going to download something always check to see if the site is labeled as an ad/promoted. they are often fake sites.
I can't believe that you actually made a video on this topic I mentioned in comments. Thanks
My friend had the Micro Search engine and we did crazy things to remove it. Tried deleting the chrome program files, it's registry entries, and everything. We finally got rid of it but it came right back the next day. So we just ended up erasing the computer lol.
Can't you use tools like Bleachbit to clean up cookies cache etc to get rid of some of these.
It's most annoying when a good working extension turns bad, it gives sponsored results in Google search. Its difficult to find what extension is doing it, In my case it was some volume booster app, the thing was chrome web store removed it for malicious reasons but DIDN'T INFORMED ME 'THE USER' It happened one more time with another app but then I found it but disabling enabling At starting I'm not sure whats going on until I understood. I'm was not sus of extensions because I at that time didn't have any 3rd party extensions and thought Extensions would've not done any malicious stuff as they were approved by Google but its a loophole when Google removes them from webstore but they are still on devices and DID NOT WARN US wth
there was one extension that i couldnt turn off its called "Mammalia". i couldnt find ANY info on it anywhere, i had to uninstall google chrome and reinstall it in order to remove it. does anyone know what mammalia is?
@autismogamer
Ай бұрын
Yes, let's ask the comment section and not look it up on a search engine that will give you hundreds to thousands of sites speaking of said issue.
This video made me check my Chrome extensions and it turns out I still have an extension installed that got removed from the Chrome Web Store.
@Jana_14320
6 ай бұрын
I had one pop up yesterday as removed the chrome web store and now I’m trying to figure out what to do. Crazy!
Imagine theres a malicious extension for Guardio itself!
You know those fake bouncy green ads that look like download buttons? (If you don’t, google “fake download button ad” and go to images section) Well my grandpa was trying to download a free pdf and he clicked one of those ads (he thought it was a real download button) and it went to one of those sketchy redirect sites (you know the ones where you go to them and it redirects you to, like, 50 websites???) The site it redirected to said “In order to download your file, install the Chrome Extension “SafeSearch for Chrome”. This website is clearly impersonating the website where he wanted to download the pdf. But he installed the extension, and it made it so the default search engine couldn’t be changed from this weird search engine nobody has ever heard of, with a ton of ads and BS links. Now I can fix his computer, thanks!!! (The extension reinstalls itself after being deleted. It was removed from the web store but it can still reinstall itself because the file is embedded in the OS.)
Rich people: we have bodyguard😎 Actual bodyguard: ThioJoe
it's really dumb how extensions permissions are not specific, and many extensions require access to all data on all websites, even if they just want to bookmark images you click ( browsers should only give them access to that image when you click it for example, or only access to the text you highlight and right click ... )
@anon_y_mousse
Жыл бұрын
This is why we shouldn't use these things in the first place. The browser should just have certain features built-in, it'd be faster and safer. This is really making me want to write my own browser, if only I had the time.
Is anything on github actually consider safe because it is open source? Or does anyone actually checking those codes?
i have my browser managed by some registry policys i put in, as i hate hunting for a setting if i accidently disable something, like bookbark bar or home button.
Best protection: Uninstall Google Chrome
I prefer Edge anyway. The search results aren't as accurate but the browser is four times faster
@juhaeerjayran4246
Жыл бұрын
Use tor
@juhaeerjayran4246
Жыл бұрын
Use tor
@slavboii420
Жыл бұрын
Edge is pretty good but you still have to be cautious about these extensions as it is Chromium based
@0xC4aE1e5
Жыл бұрын
Edge has same speed as Chromium if not less, which is slightly less than Chrome. Also the extensions can also make their way still.
@andrewmurray1550
Жыл бұрын
Edge is basically Chrome now anyway.
I added the font fingyprint defender at Thio's advice months ago, then a few weeks later i noticed that warning from chrome and uninstalled it. faaaaackkin GOOGLE stores! I love it.
I do remember dark reader mentioning that there was a copycat and to because a long while ago
can a extention play a sound in a tab, somthing happend like that to me
I've seen a Firefox extension that used an exploit to turn the add-ons page into a blank page. This was a few years ago, but there was nothing else being downloaded.
I saw the lack of seriousness on the Chrome Webstore many years ago, and I don't install extensions anymore. They always give me a bad vibe.
Would guardio Help with the issues that will come from .zip links?
When I open one of my app. It says rooted device restrictions. My phone has never been rooted. Please let me know how to resolve this.
thank you so much i was able to delete this virus
One of the few things I do to all my systems is diable non-web store extensions from being installed. No local extensions allowed. It's been a while, but I have gotten alerts of something trying to install an extension in the past and failing. Half the battle right there.
at least they have one star reviews
Why do you look like an Elf? 😜 Thanks Theo for the video.. Not many youtubers are spreading such awareness.. 👍👍
Glad I only use like 2 extensions.
is there a way to see how old an extension is? Like how long has it existed, how often are updated, when was the first version released?
@ThioJoe
Жыл бұрын
Nope
you did help me to get rid of like 2 chrome extentions Im really gratefull for your work.
I somehow got something like memz in chrome with tampermonkey, so i installed a css injector script to a game and when i opened site for 5th time buttons on it wasnt working and then there was something like morse code sounds, cursor was lagging so much and mouse clicks wasnt working, so i poemed task manager, it wasnt working, then i pressed ctrl+alt+delete and my screen was black, only language at top leff, so i shit it down with power button, and hopefully everything was working, and that was my old labtop, that i dont use much, who can explain me what is this?
bro idk why but if i wanna download a extensions like shoop or what ever i dont get to the right site it opens a dragon .... extensions everytime
I would also advice to totally re-install the browser from scratch.
prob a dumb question but are bitdefender add-ons and 1password add-on safe ? considering its from two trusted companies i think it is but what are your thoughts on it ?
@MarioShotgun
Жыл бұрын
there is no reason to use bitdefender as a browser extension in 2023. 1password the extension itself should be fine
@RolandHazoto
Жыл бұрын
assuming the bitdefender extension is legit, it is "harmless" but not too useful these days. (I say "harmless" because you may be losing performance ever so slightly)
There was a annoying thing on the web store called dragon lovers
@Bydrixs
10 ай бұрын
yeah now there is something like dragon angel that is the same ig
I once installed the ultimate tab suspender but it ended up adding advertisements to my google searches
omg i keep randomly getting new tabs about sum random chatgpt crap how do i make it stop
Im pretty sure this is how my credit card info got stolen. Malware bytes found a keylogger from a chrome extension.
Has FireFox had similar issues with extensions?
thanks.
He is saying to get an extenchion to protect you from extenchions😂
Honestly at this point anything I need an extension for, other than adnlock and song recognition I'm literally just writing myself.
I will be careful now!
Why does an extension has access to system being able to create scheduled tasks and edit the registry? Why would an extension need such access!?
What is the best anti-phishing extension for Google Chrome?
@flashlightfreek
7 ай бұрын
We use Malwarebytes Browser Guard & it's free. It also serves as our ad block extension. I have it pushed out to all of our staff & faculty accounts, and Student Google accounts more then 700 devices we have this installed on
@Nick12_45
3 ай бұрын
*y o u r m o m*
I got Dark Reader (for those bright websites), DuckDuckGo Privacy Essentials, Return KZread Dislike, Stylus, Tampermonkey (Just to make youtube a little faster with some scripts I checked), uBlock Origin, and nightTab because i've used it for a year and can't see any problem listed.
The kids in my school install game extensions, I can't fault them, when I was in school. I played Super Mario and Snake on my TI86, but it's so bad, it steals their info: they don't know any better... But at the same time they are disabling the security features...
Malwarebytes Extension does pretty much the same tho? And its completely free