共享干货

Chrome中111个扩展插件留有后门手机用户信息,检查是否中招方法分享

    在 Twitter 上看到 Chrome Web Store 中有多达 111 个扩展秘密收集用户敏感数据,而它们被总计下载了 3296 万次,Google 官方已经将其下架。这些恶意扩展被发现会收集屏幕截图、设备剪贴板内容,用户登陆网站的浏览器 Cookies,密码等按键。绝大部分扩展都是模块化的,安装之后可以用可执行文件进行更新。

各位朋友可以按照如下步骤操作看看自己有没有中招。

1.在 Chrome 中输入 chrome://extensions/ 打开扩展程序页面

2.在该页面按下F12,在Console 控制台中运行以下代码,回车,为无风险,为风险项

// https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt

malicious = [
  "acmnokigkgihogfbeooklgemindnbine",
  "apgohnlmnmkblgfplgnlmkjcpocgfomp",
  "apjnadhmhgdobcdanndaphcpmnjbnfng",
  "bahkljhhdeciiaodlkppoonappfnheoi",
  "bannaglhmenocdjcmlkhkcciioaepfpj",
  "bgffinjklipdhacmidehoncomokcmjmh",
  "bifdhahddjbdbjmiekcnmeiffabcfjgh",
  "bjpknhldlbknoidifkjnnkpginjgkgnm",
  "blngdeeenccpfjbkolalandfmiinhkak",
  "ccdfhjebekpopcelcfkpgagbehppkadi",
  "cceejgojinihpakmciijfdgafhpchigo",
  "cebjhmljaodmgmcaecenghhikkjdfabo",
  "chbpnonhcgdbcpicacolalkgjlcjkbbd",
  "cifafogcmckphmnbeipgkpfbjphmajbc",
  "clopbiaijcfolfmjebjinippgmdkkppj",
  "cpgoblgcfemdmaolmfhpoifikehgbjbf",
  "dcmjopnlojhkngkmagminjbiahokmfig",
  "deiiiklocnibjflinkfmefpofgcfhdga",
  "dipecofobdcjnpffbkmfkdbfmjfjfgmn",
  "dopkmmcoegcjggfanajnindneifffpck",
  "dopmojabcdlfbnppmjeaajclohofnbol",
  "edcepmkpdojmciieeijebkodahjfliif",
  "ekbecnhekcpbfgdchfjcfmnocdfpcanj",
  "elflophcopcglipligoibfejllmndhmp",
  "eogfeijdemimhpfhlpjoifeckijeejkc",
  "fcobokliblbalmjmahdebcdalglnieii",
  "fgafnjobnempajahhgebbbpkpegcdlbf",
  "fgcomdacecoimaejookmlcfogngmfmli",
  "fgmeppijnhhafacemgoocgelcflipnfd",
  "fhanjgcjamaagccdkanegeefdpdkeban",
  "flfkimeelfnpapcgmobfgfifhackkend",
  "fmahbaepkpdimfcjpopjklankbbhdobk",
  "foebfmkeamadbhjcdglihfijdaohomlm",
  "fpngnlpmkfkhodklbljnncdcmkiopide",
  "gdifegeihkihjbkkgdijkcpkjekoicbl",
  "gfcmbgjehfhemioddkpcipehdfnjmief",
  "gfdefkjpjdbiiclhimebabkmclmiiegk",
  "ggijmaajgdkdijomfipnpdfijcnodpip",
  "ghgjhnkjohlnmngbniijbkidigifekaa",
  "gllihgnfnbpdmnppfjdlkciijkddfohn",
  "gmmohhcojdhgbjjahhpkfhbapgcfgfne",
  "gofhadkfcffpjdbonbladicjdbkpickk",
  "hapicipmkalhnklammmfdblkngahelln",
  "hijipblimhboccjcnnjnjelcdmceeafa",
  "hmamdkecijcegebmhndhcihjjkndbjgk",
  "hodfejbmfdhcgolcglcojkpfdjjdepji",
  "hpfijbjnmddglpmogpaeofdbehkpball",
  "ianfonfnhjeidghdegbkbbjgliiciiic",
  "ibfjiddieiljjjccjemgnoopkpmpniej",
  "inhdgbalcopmbpjfincjponejamhaeop",
  "iondldgmpaoekbgabgconiajpbkebkin",
  "ipagcbjbgailmjeaojmpiddflpbgjngl",
  "jagbooldjnemiedoagckjomjegkopfno",
  "jdheollkkpfglhohnpgkonecdealeebn",
  "jfefcmidfkpncdkjkkghhmjkafanhiam",
  "jfgkpeobcmjlocjpfgocelimhppdmigj",
  "jghiljaagglmcdeopnjkfhcikjnddhhc",
  "jgjakaebbliafihodjhpkpankimhckdf",
  "jiiinmeiedloeiabcgkdcbbpfelmbaff",
  "jkdngiblfdmfjhiahibnnhcjncehcgab",
  "jkofpdjclecgjcfomkaajhhmmhnninia",
  "kbdbmddhlgckaggdapibpihadohhelao",
  "keceijnpfmmlnebgnkhojinbkopolaom",
  "khhemdcdllgomlbleegjdpbeflgbomcj",
  "kjdcopljcgiekkmjhinmcpioncofoclg",
  "kjgaljeofmfgjfipajjeeflbknekghma",
  "labpefoeghdmpbfijhnnejdmnjccgplc",
  "lameokaalbmnhgapanlloeichlbjloak",
  "lbeekfefglldjjenkaekhnogoplpmfin",
  "lbhddhdfbcdcfbbbmimncbakkjobaedh",
  "ldoiiiffclpggehajofeffljablcodif",
  "lhjdepbplpkgmghgiphdjpnagpmhijbg",
  "ljddilebjpmmomoppeemckhpilhmoaok",
  "ljnfpiodfojmjfbiechgkbkhikfbknjc",
  "lnedcnepmplnjmfdiclhbfhneconamoj",
  "lnlkgfpceclfhomgocnnenmadlhanghf",
  "loigeafmbglngofpkkddgobapkkcaena",
  "lpajppfbbiafpmbeompbinpigbemekcg",
  "majekhlfhmeeplofdolkddbecmgjgplm",
  "mapafdeimlgplbahigmhneiibemhgcnc",
  "mcfeaailfhmpdphgnheboncfiikfkenn",
  "mgkjakldpclhkfadefnoncnjkiaffpkp",
  "mhinpnedhapjlbgnhcifjdkklbeefbpa",
  "mihiainclhehjnklijgpokdpldjmjdap",
  "mmkakbkmcnchdopphcbphjioggaanmim",
  "mopkkgobjofbkkgemcidkndbglkcfhjj",
  "mpifmhgignilkmeckejgamolchmgfdom",
  "nabmpeienmkmicpjckkgihobgleppbkc",
  "nahhmpbckpgdidfnmfkfgiflpjijilce",
  "ncepfbpjhkahgdemgmjmcgbgnfdinnhk",
  "npaklgbiblcbpokaiddpmmbknncnbljb",
  "npdfkclmbnoklkdebjfodpendkepbjek",
  "nplenkhhmalidgamfdejkblbaihndkcm",
  "oalfdomffplbcimjikgaklfamodahpmi",
  "odnakbaioopckimfnkllgijmkikhfhhf",
  "oklejhdbgggnfaggiidiaokelehcfjdp",
  "omgeapkgiddakeoklcapboapbamdgmhp",
  "oonbcpdabjcggcklopgbdagbfnkhbgbe",
  "opahibnipmkjincplepgjiiinbfmppmh",
  "pamchlfnkebmjbfbknoclehcpfclbhpl",
  "pcfapghfanllmbdfiipeiihpkojekckk",
  "pchfjdkempbhcjdifpfphmgdmnmadgce",
  "pdpcpceofkopegffcdnffeenbfdldock",
  "pgahbiaijngfmbbijfgmchcnkipajgha",
  "pidohlmjfgjbafgfleommlolmbjdcpal",
  "pilplloabdedfmialnfchjomjmpjcoej",
  "pklmnoldkkoholegljdkibjjhmegpjep",
  "pknkncdfjlncijifekldbjmeaiakdbof",
  "plmgefkiicjfchonlmnbabfebpnpckkk",
  "pnciakodcdnehobpfcjcnnlcpmjlpkac",
  "ponodoigcmkglddlljanchegmkgkhmgb",
];

document
  .querySelector("extensions-manager")
  .shadowRoot.querySelector("cr-view-manager extensions-item-list")
  .shadowRoot.querySelectorAll("extensions-item")
  .forEach((item) => {
    const name = item.shadowRoot.querySelector("#name").innerText;
    if (malicious.includes(item.id)) {
      console.log("❌", item.id, name);
    } else {
      console.log("✅", item.id, name);
    }
  });

3.删除提示风险的插件


我检查了下自己装的插件,没有问题。不少人在网上反馈中招了,而且目前还没有太好的解决方案。



在 Linux 上可以使用以下指令校验是否中招:

cd /home/$USER/.config/chromium/Default/Extensions ls -a > list.txt wget awakesecurity.com/wp-content/upl…comm -12 <( sort list.txt ) <( sort GalComm-Malicious-Chrome-Extensions-Appendix-B.txt )

如果真有中招的,建议暂停使用自己安装的 Chrome ,先换 Microsoft Edge 使用一阵子吧。

说实在的,现在市面上的各种数据隐私解决方案都过于复杂了,用户的使用门槛都很高,大家索性对这块就放任不顾了。世界上最大的 DNA 数据库、最大的面部数据库、最大的数字户籍体系...... 还有很多。

走在路上,看到名为天网(SkyNet)的监控设备高悬头顶,除了这句“雪花飘飘,北风萧萧”,还有就是李清照同学的“寻寻觅觅,冷冷清清,凄凄惨惨戚戚”可以形容了。

相关资讯

评论

回复