Over the past few months, there has been an increase in privacy violation cases. People have gone from mildly concerned about privacy to totally paranoid in a short amount of time.
Many of these cases have involved creepy Chrome extensions that have attempted to gather user data or perform actions without the user’s knowledge or permission. These extensions have been removed from the Chrome Web Store and users have been warned.
One such extension that has caused many alarms is a quietly updated extension called ‘Nubu Smart Browser’. This extension was originally made by a developer named Jincheng Chen and had over one thousand downloads and a four-star rating before being taken down. It was later reuploaded by a different user with the same name, but none of the previous ratings or reviews were transferred.
This new uploader was not known to be fraudulent, but the extension does seem to violate user privacy. It collects some basic information about the user, but does so in an undetectable way.
This extension does not have a visible icon in the toolbar
This extension does not have a visible icon in the toolbar, so users would not know that it was ever installed. Once it is installed, it runs in the background and continues to collect user data.
Users can check their settings by going to Settings > Manage Search Engines then looking for any unfamiliar search engines. If one is found, then it can be deleted.
By having this extension install itself without the user’s knowledge and by being stealthy, this app violates Google’s policy. The policy states that all apps must have clear descriptions, request explicit user consent and must not trick people into installing them.
This extension was removed from the Chrome Web Store on March 5 but may have affected hundreds of users who installed it prior to its removal.
Users will not know how to activate the extension
While this may not seem like a big deal, users will be exposed to features of this extension that they do not know how to use.
Many users who install this extension will simply see a new menu option titled “McAfee Family Security” and assume that is how it is activated. However, this is just a reminder of what the extension does—it does not actually protect your family!
A more serious example would be if a user installed this extension, saw that it did nothing, and then dismissed the ‘menu’ option thinking it was unimportant. They would then be unprotected from phishing attacks and malware due to their lack of knowledge regarding how to activate the extension.
Because there is no way to prove that the extension is actually working, people may lose faith in the brand and uninstall it, which would ultimately hurt your company’s profits.
It is unclear what the function of this extension is
This extension was created on January 5, 2019 and does not have many features. It does not have a settings or configuration page, and it does not have a homepage when you click the icon; it simply shows a new tab with the GitHub homepage.
The issue with this extension is that it is unclear what function it performs. The description simply states “GitHub desktop integration for GitHub’s enterprise solution” which does not explain what functionality it has.
Upon further investigation, we determined that this extension is likely installed by default when you install Cloud development Suite, which includes several other software applications for development purposes. Therefore, unless you are an employee of this company using their suite of software for development purposes, you are likely not affected by this malware.
This is the reason why we are publicizing this discovery: to inform potential users of this suite of software about the possible malware and to have it removed.
Users might think that this extension is part of the Chrome browser
One of the biggest problems with this extension is that users might think it is an official extension for the Chrome browser. The fact that it is available for download in the Chrome Web Store makes this risk bigger.
Chrome has a built-up reputation of having high-quality extensions, so it is likely that many users do not closely examine which extensions they are installing.
Many users simply click the install button without paying close attention to the name of the extension or the name of the company that created it. This can be problematic because malicious developers can use similar names and logos as official extensions.
This makes it even easier for users to mistakenly install a malicious extension because they don’t closely examine the name and logo of the extension before they install it.
The developer did not provide a clear description of what the extension does
Another issue with this extension is that the developer did not provide a clear description of what it does. While the name of the extension gives some indication of what it likely does, the description is where people would get a full picture.
The problem is that the description on the Chrome Web Store only describes what it does in Firefox, not Chrome. It also does not mention all of the features included in the extension.
By not having a full description of what it does, people who install it are putting their faith in 5-star ratings and reviews to see if it works for them. This is a problem because some people may have updated their browser or switched to a different one and then found out that this extension did not work for them.
The confusion could lead to people thinking something was wrong with their computer or phone when nothing was wrong at all.
The developer did not provide any screenshots of the extension
Screenshots are a very important part of an extension submission. Users like to see what the extension looks like and how it functions. This gives users a better idea of what the extension does and if it is something they want or need.
Since this developer did not provide any screenshots, other users could not make sure that the extension matched its description. This may have caused some confusion for users who tried to install it.
Having no screenshots also makes it harder for other developers to replicate the functionality of the extension. If there is a bug fix or new feature that needs to be implemented, then another developer has to go into detail about how it works without being able to see it.
The developer did not include any information about the current version or previous versions
One major red flag with this extension is that the developer did not include any information about the current version or previous versions. There was no mention of what version this was and if it was updated from a previous version.
Users could not see if there were any updates available to download or whether or not the extension was the latest version. This could be a major issue for users as it would mean they are using an outdated extension that may not work properly.
The only way to find this information is by going to the Chrome Web Store page and looking at the “Last Updated” date. Even then, it is not very clear when this update took place.
This could be for several reasons, but one thing we know for sure is that leaving out this information makes it harder for users to determine if the extension is safe to use or not.
The developer did not include any information about who created this application, who maintains it, where it came from, where to find more information about it, what permission was granted, or how to contact the creator or maintainer
This is a major red flag that indicates the developer may have been trying to deceive users. By not providing any information on the creator or maintenance of this extension, there is no way to know if it is safe or not.
By allowing anyone to create an extension and then upload it to the Chrome Web Store, Google allows for a lot of deceit. The company even has a policy that states you must include certain information about the extension.
The Touting policy states that you must include information about who created the extension, who maintains it, where it came from, and where to find more information about it. All of these requirements are met through the creation and inclusion of a website for the extension.
This does not prove authenticity but gives users some insight into who created and maintains the extension.