Twitter | Search | |
SwiftOnSecurity
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords.
Reply Retweet Like More
SwiftOnSecurity 9 Oct 17
Replying to @SwiftOnSecurity
Legitimate developers just have to sit back and watch as Google smears them with fake extensions that steal their good name
Reply Retweet Like
SwiftOnSecurity 9 Oct 17
Replying to @SwiftOnSecurity
I'm being mean to Google because there's no way their Chrome team is happy with this extension vetting/moderation situation.
Reply Retweet Like
SwiftOnSecurity 10 Oct 17
Replying to @SwiftOnSecurity
[UPDATE] Google: An Update on Malware in the Chrome Web Store
Reply Retweet Like
SwiftOnSecurity 10 Oct 17
Replying to @SwiftOnSecurity
I'm sorry for being mean, Google.
Reply Retweet Like
SwiftOnSecurity 10 Oct 17
Replying to @AdblockPlus
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @AdblockPlus
Update: TWO fake AdBlock Plus, including one with fake user numbers, have been added back to the Chrome extension store, in the same place.
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @AdblockPlus
To evade Google filters, attackers have used look-alike Cyrillic Unicode characters in the extension name
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @SwiftOnSecurity
We need to stop Unicode until we can get a handle on the situation. No more Unicode.
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @SwiftOnSecurity
The Unicode Consortium actually provides a list of confusable Unicode characters
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @SwiftOnSecurity
Unicode is magical
Reply Retweet Like
SwiftOnSecurity 11 Oct 17
Replying to @SwiftOnSecurity
Update: The Chrome extension store has been cleaned. I suspect this is a cat-and-mouse thing, so I'll just ignore it going forward...
Reply Retweet Like