Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware

TL;DR - Our investigation of a single “verified” color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge.

Should I stop using Dark Reader?

5 Likes

Unless a browser extension is universally vetted and trusted by the community (i.e uBlock Origin), you should probably avoid downloading extensions you don’t need. A “verified” label means nothing nowadays.

Having posted too many news articles about similar attacks, extensions are a common attack vector for malware that goes unnoticed.

6 Likes

Thanks. Is it enough if I remove the extension and all data from Brave?

Extensions for anything should always be avoided.
My Brave has blocked browser and GNOME extensions for years now.

1 Like

I’ll do that from now on as well.

Chromium browsers have a built-in dark mode override anyway

1 Like

This was new to me. But I discovered it from the flags now. Much appreciated!

I do think it is important to note that Dark Reader was not affected by this, rather an extension called Dark theme - Dark reader was.

Comparing extension IDs should result in differing output. You can do this via developer mode in most browsers. The article linked above states that the affected dark theme extension has an ID of

eckokfcjbjbgjifpcbdmengnabecdakp

Where the official Dark Reader extension has an ID of

eimadpbcbfnmbkopoojfekhnkhdbieeh

As others have mentioned the functionality of this type of extension exists within the base browser so there is not much need for them anymore.

4 Likes
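The ID comparison described in the post above, turned into a script (an added example, not code from the thread or from the cited article). It reads the installed-extension map that Chromium-family browsers keep under `extensions.settings` in the profile's `Secure Preferences` (or `Preferences`) JSON, flags any ID on a blocklist that contains only the one bad ID quoted in the thread, and shows why comparing IDs works: a packed extension's ID is derived from the SHA-256 of its publisher's public key, so a look-alike name cannot reproduce the official Dark Reader ID. The sample preferences JSON, the constructed key bytes and the Brave-on-Linux profile path are assumptions for illustration.

```python
"""Check a Chromium/Brave/Edge profile for known-bad extension IDs.

Added example for the thread; not code from the article or the browser.
"""
import base64
import hashlib
import json
import os
from typing import Dict, List, Tuple

# IDs quoted in the thread: the malicious look-alike and the official one.
BAD_DARK_THEME_ID = "eckokfcjbjbgjifpcbdmengnabecdakp"
DARK_READER_ID = "eimadpbcbfnmbkopoojfekhnkhdbieeh"
BLOCKLIST = {BAD_DARK_THEME_ID: "Dark theme - Dark reader (malicious per the article)"}

# Constructed sample of the relevant slice of a profile's Secure Preferences.
# Real files carry many more fields; only "manifest" -> "name" is used here.
SAMPLE_PREFS = {
    "extensions": {
        "settings": {
            BAD_DARK_THEME_ID: {"state": 1, "manifest": {"name": "Dark theme - Dark reader"}},
            DARK_READER_ID: {"state": 1, "manifest": {"name": "Dark Reader"}},
            # constructed placeholder entry with no manifest (e.g. a stale install)
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"state": 0},
        }
    }
}

# Constructed stand-in for a DER-encoded public key (not a real key).
CONSTRUCTED_KEY_DER = b"\x30\x82\x01\x22constructed-spki-bytes-for-illustration"
CONSTRUCTED_MANIFEST = {
    "name": "Example (constructed)",
    "key": base64.b64encode(CONSTRUCTED_KEY_DER).decode("ascii"),
}


def installed_extensions(prefs: dict) -> Dict[str, str]:
    """Map extension ID -> display name from a Preferences-style dict."""
    settings = prefs.get("extensions", {}).get("settings", {})
    result: Dict[str, str] = {}
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest") or {}
        result[ext_id] = manifest.get("name", "<no manifest>")
    return result


def flag_extensions(installed: Dict[str, str],
                    blocklist: Dict[str, str] = BLOCKLIST) -> List[Tuple[str, str, str]]:
    """Return (id, installed name, blocklist reason) for every blocklisted ID."""
    return [(eid, name, blocklist[eid]) for eid, name in installed.items() if eid in blocklist]


def id_from_public_key(der_spki: bytes) -> str:
    """Chromium extension ID: first 128 bits of SHA-256(public key), each hex
    nibble mapped to the letters 'a'..'p'. A different signing key gives a
    different ID, which is why the ID (not the name) identifies an extension."""
    digest = hashlib.sha256(der_spki).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)


def id_matches_manifest_key(ext_id: str, manifest: dict) -> bool:
    """If a manifest carries its base64 'key', verify the ID was derived from it."""
    key_b64 = manifest.get("key")
    if not key_b64:
        return False
    return id_from_public_key(base64.b64decode(key_b64)) == ext_id


def load_profile_prefs(profile_dir: str) -> dict:
    """Load Secure Preferences (preferred) or Preferences from a profile dir."""
    for fname in ("Secure Preferences", "Preferences"):
        path = os.path.join(profile_dir, fname)
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                return json.load(fh)
    raise FileNotFoundError(f"no Preferences file under {profile_dir}")


if __name__ == "__main__":
    # Assumed Brave default profile location on Linux; adjust for your browser/OS.
    profile = os.path.expanduser("~/.config/BraveSoftware/Brave-Browser/Default")
    try:
        prefs = load_profile_prefs(profile)
    except FileNotFoundError:
        prefs = SAMPLE_PREFS  # fall back to the constructed sample so the demo runs offline
    installed = installed_extensions(prefs)
    for eid, name in sorted(installed.items()):
        print(f"{eid}  {name}")
    for eid, name, reason in flag_extensions(installed):
        print(f"FLAGGED {eid} ({name}): {reason}")
```

Run it against a live profile with the browser closed; on a machine with only the sample data it prints the two IDs from the thread and flags the look-alike, while the genuine Dark Reader ID passes. Extend `BLOCKLIST` with the full ID list from the article rather than matching on names.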

Does this perhaps negate a large portion of users that diss the use of Anti-Virus or Anti-Malware?
The tools used were not beyond the fray, if I am led to believe.
Please correct me if I am totally wrong here …
Were there users that did discover the intrusion in its early stages?

I think an argument can be made that all internet connected desktops and laptops would benefit from some form of layered defense starting with a UPS and automated frequent backups.

Despite the almost daily discovery of new threats such as polymorphic browser extensions and InfoStealers like Arcane, there are those who claim running any anti-virus or malware detection is worse than pointless. That it only provides a false sense of security and is most likely spyware. The only proof they have is that they haven’t been infected… Yet.

They claim this is because they practice superior OpSec. They never mention programmatically analyzing email headers and URLs and yet, unlike regular folk, they never visit sketchy sites, download dubious software, click on suspicious links, open random attachments, reply to unsolicited text messages or answer unknown callers. In other words, they don’t behave like regular users, are always vigilant and never slip up.
Ever.

2 Likes