Most importantly, the minified javascript differs significantly from that distributed by the OWA project.” However, the site contains no real information other than the tracking scripts, and is only found in the context of this extension. That site is one month old, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. Those are hosted on the unrelated site, which turns out to be immensely suspicious. Although OpenWebAnalytics is a real software, it does not provide the files executed by the extension. “On November 6th, discovered a smoking gun that the new maintainer is malicious. This change was supposedly in order to enable new screenshot functionality, but that was unclear.” “That lets the extension do what it pleases, including inserting ads, blocking sites, forcible redirects…. As Github’s TheMageKing wrote in November of last year: The extension suddenly started asking for new permissions as well, like an all-encompassing ability to mess with your browser’s web requests.
Here’s the longer story: The Great Suspender has a new maintainer (formerly Dean Oemcke), and this unknown entity dropped a few silent updates to new builds of the extension allowing it to connect to various third-party servers and execute code.
0 kommentar(er)
