mlysa0128



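[Tech Share] Chrome is watching you: some extensions contain backdoors

This post was highlighted by valen (2020-06-22)

I saw on Twitter that as many as 111 extensions in the Chrome Web Store were secretly collecting sensitive user data; together they had been downloaded 32.96 million times, and Google has already taken them down. These malicious extensions were found to collect screenshots, device clipboard contents, browser cookies for the sites users log in to, and keystrokes such as passwords. The vast majority of the extensions are modular and, once installed, can be updated with executable files.

Everyone can follow the steps below to see whether they have been hit.

1. Enter chrome://extensions/ in Chrome to open the extensions page

2. Press F12 on that page, run the following code in the Console and press Enter; ✅ means no risk, ❌ marks a risky item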

// https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt

malicious = [
  "acmnokigkgihogfbeooklgemindnbine",
  "apgohnlmnmkblgfplgnlmkjcpocgfomp",
  "apjnadhmhgdobcdanndaphcpmnjbnfng",
  "bahkljhhdeciiaodlkppoonappfnheoi",
  "bannaglhmenocdjcmlkhkcciioaepfpj",
  "bgffinjklipdhacmidehoncomokcmjmh",
  "bifdhahddjbdbjmiekcnmeiffabcfjgh",
  "bjpknhldlbknoidifkjnnkpginjgkgnm",
  "blngdeeenccpfjbkolalandfmiinhkak",
  "ccdfhjebekpopcelcfkpgagbehppkadi",
  "cceejgojinihpakmciijfdgafhpchigo",
  "cebjhmljaodmgmcaecenghhikkjdfabo",
  "chbpnonhcgdbcpicacolalkgjlcjkbbd",
  "cifafogcmckphmnbeipgkpfbjphmajbc",
  "clopbiaijcfolfmjebjinippgmdkkppj",
  "cpgoblgcfemdmaolmfhpoifikehgbjbf",
  "dcmjopnlojhkngkmagminjbiahokmfig",
  "deiiiklocnibjflinkfmefpofgcfhdga",
  "dipecofobdcjnpffbkmfkdbfmjfjfgmn",
  "dopkmmcoegcjggfanajnindneifffpck",
  "dopmojabcdlfbnppmjeaajclohofnbol",
  "edcepmkpdojmciieeijebkodahjfliif",
  "ekbecnhekcpbfgdchfjcfmnocdfpcanj",
  "elflophcopcglipligoibfejllmndhmp",
  "eogfeijdemimhpfhlpjoifeckijeejkc",
  "fcobokliblbalmjmahdebcdalglnieii",
  "fgafnjobnempajahhgebbbpkpegcdlbf",
  "fgcomdacecoimaejookmlcfogngmfmli",
  "fgmeppijnhhafacemgoocgelcflipnfd",
  "fhanjgcjamaagccdkanegeefdpdkeban",
  "flfkimeelfnpapcgmobfgfifhackkend",
  "fmahbaepkpdimfcjpopjklankbbhdobk",
  "foebfmkeamadbhjcdglihfijdaohomlm",
  "fpngnlpmkfkhodklbljnncdcmkiopide",
  "gdifegeihkihjbkkgdijkcpkjekoicbl",
  "gfcmbgjehfhemioddkpcipehdfnjmief",
  "gfdefkjpjdbiiclhimebabkmclmiiegk",
  "ggijmaajgdkdijomfipnpdfijcnodpip",
  "ghgjhnkjohlnmngbniijbkidigifekaa",
  "gllihgnfnbpdmnppfjdlkciijkddfohn",
  "gmmohhcojdhgbjjahhpkfhbapgcfgfne",
  "gofhadkfcffpjdbonbladicjdbkpickk",
  "hapicipmkalhnklammmfdblkngahelln",
  "hijipblimhboccjcnnjnjelcdmceeafa",
  "hmamdkecijcegebmhndhcihjjkndbjgk",
  "hodfejbmfdhcgolcglcojkpfdjjdepji",
  "hpfijbjnmddglpmogpaeofdbehkpball",
  "ianfonfnhjeidghdegbkbbjgliiciiic",
  "ibfjiddieiljjjccjemgnoopkpmpniej",
  "inhdgbalcopmbpjfincjponejamhaeop",
  "iondldgmpaoekbgabgconiajpbkebkin",
  "ipagcbjbgailmjeaojmpiddflpbgjngl",
  "jagbooldjnemiedoagckjomjegkopfno",
  "jdheollkkpfglhohnpgkonecdealeebn",
  "jfefcmidfkpncdkjkkghhmjkafanhiam",
  "jfgkpeobcmjlocjpfgocelimhppdmigj",
  "jghiljaagglmcdeopnjkfhcikjnddhhc",
  "jgjakaebbliafihodjhpkpankimhckdf",
  "jiiinmeiedloeiabcgkdcbbpfelmbaff",
  "jkdngiblfdmfjhiahibnnhcjncehcgab",
  "jkofpdjclecgjcfomkaajhhmmhnninia",
  "kbdbmddhlgckaggdapibpihadohhelao",
  "keceijnpfmmlnebgnkhojinbkopolaom",
  "khhemdcdllgomlbleegjdpbeflgbomcj",
  "kjdcopljcgiekkmjhinmcpioncofoclg",
  "kjgaljeofmfgjfipajjeeflbknekghma",
  "labpefoeghdmpbfijhnnejdmnjccgplc",
  "lameokaalbmnhgapanlloeichlbjloak",
  "lbeekfefglldjjenkaekhnogoplpmfin",
  "lbhddhdfbcdcfbbbmimncbakkjobaedh",
  "ldoiiiffclpggehajofeffljablcodif",
  "lhjdepbplpkgmghgiphdjpnagpmhijbg",
  "ljddilebjpmmomoppeemckhpilhmoaok",
  "ljnfpiodfojmjfbiechgkbkhikfbknjc",
  "lnedcnepmplnjmfdiclhbfhneconamoj",
  "lnlkgfpceclfhomgocnnenmadlhanghf",
  "loigeafmbglngofpkkddgobapkkcaena",
  "lpajppfbbiafpmbeompbinpigbemekcg",
  "majekhlfhmeeplofdolkddbecmgjgplm",
  "mapafdeimlgplbahigmhneiibemhgcnc",
  "mcfeaailfhmpdphgnheboncfiikfkenn",
  "mgkjakldpclhkfadefnoncnjkiaffpkp",
  "mhinpnedhapjlbgnhcifjdkklbeefbpa",
  "mihiainclhehjnklijgpokdpldjmjdap",
  "mmkakbkmcnchdopphcbphjioggaanmim",
  "mopkkgobjofbkkgemcidkndbglkcfhjj",
  "mpifmhgignilkmeckejgamolchmgfdom",
  "nabmpeienmkmicpjckkgihobgleppbkc",
  "nahhmpbckpgdidfnmfkfgiflpjijilce",
  "ncepfbpjhkahgdemgmjmcgbgnfdinnhk",
  "npaklgbiblcbpokaiddpmmbknncnbljb",
  "npdfkclmbnoklkdebjfodpendkepbjek",
  "nplenkhhmalidgamfdejkblbaihndkcm",
  "oalfdomffplbcimjikgaklfamodahpmi",
  "odnakbaioopckimfnkllgijmkikhfhhf",
  "oklejhdbgggnfaggiidiaokelehcfjdp",
  "omgeapkgiddakeoklcapboapbamdgmhp",
  "oonbcpdabjcggcklopgbdagbfnkhbgbe",
  "opahibnipmkjincplepgjiiinbfmppmh",
  "pamchlfnkebmjbfbknoclehcpfclbhpl",
  "pcfapghfanllmbdfiipeiihpkojekckk",
  "pchfjdkempbhcjdifpfphmgdmnmadgce",
  "pdpcpceofkopegffcdnffeenbfdldock",
  "pgahbiaijngfmbbijfgmchcnkipajgha",
  "pidohlmjfgjbafgfleommlolmbjdcpal",
  "pilplloabdedfmialnfchjomjmpjcoej",
  "pklmnoldkkoholegljdkibjjhmegpjep",
  "pknkncdfjlncijifekldbjmeaiakdbof",
  "plmgefkiicjfchonlmnbabfebpnpckkk",
  "pnciakodcdnehobpfcjcnnlcpmjlpkac",
  "ponodoigcmkglddlljanchegmkgkhmgb",
];

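// Walk the shadow DOM of chrome://extensions/ down to each installed extension card.
document
  .querySelector("extensions-manager")
  .shadowRoot.querySelector("cr-view-manager extensions-item-list")
  .shadowRoot.querySelectorAll("extensions-item")
  .forEach((item) => {
    // item.id is the extension ID; #name holds the display name.
    const name = item.shadowRoot.querySelector("#name").innerText;
    if (malicious.includes(item.id)) {
      console.log("❌", item.id, name); // ID is on the list above
    } else {
      console.log("✅", item.id, name); // ID is not on the list
    }
  });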


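3. Remove the extensions flagged as risky


I checked the extensions I have installed and found no problems. Quite a few people online report being hit, and there is no really good solution at the moment.

I also checked the extensions shared in the earlier post "A Chrome browser extension solution for bypassing internet censorship" and found no problems.

(Link)  /htm_data/2002/7/3826752.html


On Linux, you can use the following commands to check whether you have been hit: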


cd /home/$USER/.config/chromium/Default/Extensions
ls -a > list.txt
wget awakesecurity.com/wp-content/upl…
comm -12 <( sort list.txt ) <( sort GalComm-Malicious-Chrome-Extensions-Appendix-B.txt )

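If you really have been hit, I suggest you stop using the Chrome you installed for now and switch to Microsoft Edge for a while.

To be honest, the data-privacy solutions on the market today are all too complicated and the barrier to using them is high, so people have simply given up caring about this. The world's largest DNA database, the largest facial database, the largest digital household-registration system... and many more.

Walking down the street and seeing surveillance equipment named SkyNet (天网) hanging high overhead, besides the line "Snowflakes drifting, the north wind howling", only Li Qingzhao's "Seeking, searching; cold, cheerless; dismal, wretched, sorrowful" can describe it.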


Posted: 06-22 04:44
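The Linux commands in the post look only at the Default profile of Chromium, and the `ls -a` listing also contains `.` and `..`. The following is an added example, not part of the original post: a POSIX shell function that walks every profile under a browser config directory and reports installed extension IDs that appear in a blocklist file. The function names, the sample profile tree and the two extension IDs are constructed for illustration; the blocklist is assumed to be a text file containing the IDs, with or without quotes and commas.

```sh
#!/bin/sh
# Added example: scan all browser profiles for extension IDs on a blocklist.

# find_flagged_extensions CONFIG_DIR BLOCKLIST_FILE
# Prints "profile<TAB>extension_id<TAB>versions" per match.
# Exit status: 0 = nothing flagged, 1 = at least one match, 2 = empty blocklist.
find_flagged_extensions() (
  config_dir=$1; blocklist=$2; found=0
  # Extension IDs are 32 characters from a-p; extracting them this way
  # tolerates quotes, commas and CRLF line endings in the blocklist.
  ids=$(grep -oE '[a-p]{32}' "$blocklist" | sort -u)
  [ -n "$ids" ] || { echo "no extension IDs in $blocklist" >&2; exit 2; }

  # On-disk layout: <config_dir>/<profile>/Extensions/<id>/<version>/
  for ext_dir in "$config_dir"/*/Extensions/*/; do
    [ -d "$ext_dir" ] || continue            # glob matched nothing
    id=$(basename "$ext_dir")
    if printf '%s\n' "$ids" | grep -qxF -- "$id"; then
      profile=$(basename "$(dirname "$(dirname "$ext_dir")")")
      versions=$(ls "$ext_dir" | tr '\n' ' ')
      printf '%s\t%s\t%s\n' "$profile" "$id" "${versions% }"
      found=1
    fi
  done
  exit "$found"
)

# Constructed sample: two profiles and a one-entry blocklist.
# Neither ID belongs to a real extension.
build_sample_tree() (
  root=$(mktemp -d)
  mkdir -p "$root/Default/Extensions/ponmlkjihgfedcbaponmlkjihgfedcba/2.1_0" \
           "$root/Profile 1/Extensions/abcdefghijklmnopabcdefghijklmnop/1.0_0"
  printf '"abcdefghijklmnopabcdefghijklmnop",\r\n' > "$root/blocklist.txt"
  echo "$root"
)

# Demo run against the constructed tree.
sample=$(build_sample_tree)
find_flagged_extensions "$sample" "$sample/blocklist.txt" || echo "exit status: $?"
rm -rf "$sample"
```

For a real check, pass the browser's config directory (for example `~/.config/chromium`, the directory used in the post) and the downloaded list file.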