You should
10 months ago
1
0
0
0
Posts by Jaime Blasco
parrottalks extension also affected (40k users) kkodiihpgodmdankclfibbiphjkfdenh
t.co/SMFH07Gnv8
1 year ago
6
0
0
0
Uvoice (40k downloads) also compromised today using uvoice[.]live
oaikpkmjciadfpddlpjjdapglcihgdle
t.co/hGkxieETWj
1 year ago
6
0
0
0
VPNCity chrome extension also affected chromewebstore.google.com/detail/vpnci... more than 50k users. Using the vpncity[.]live domain
1 year ago
4
0
0
0
Other domains that that might targeting other chrome extensions:
bookmarkfc[.]info
vpncity[.]live
castorus[.]info
parrottalks[.]info
primusext[.]pro
censortracker[.]pro
uvoice[.]live
iobit[.]pro
moonsift[.]store
yujaverity[.]info
wayinai[.]live
readermodeext[.]info
policyextension[.]info
1 year ago
5
0
0
0
There is code to receive commands from the malicious domain:
1 year ago
0
0
1
0
including internxtvpn[.]pro
The extension dpggmcodlahmljkhlmpgpdcffdaoccni - Internxt VPN chromewebstore.google.com/detail/inter... was updated December 25th that added a new content script that runs on every url (cont)
1 year ago
0
0
1
0
Regarding the Cyberhaven chrome extension compromise I have reasons to believe there are other extensions affected. Pivoting by the ip address there are more domains created within the same time range resolving to the same ip address as cyberhavenext[.]pro (cont)
1 year ago
5
1
1
2
Advertisement
Google IS dancing
1 year ago
0
0
0
0
See you in Baides Austin next week.
1 year ago
1
0
0
0