Google Chrome extension ‘Internet Download Manager’ installed by more than 200,000 users is adware.
The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users.
Although the extension may install a known and legitimate download manager program, BleepingComputer observed unwanted behavior exhibited by the extension, such as opening links to spammy sites, changing the default browser search engine, and further hounding the user with pop-ups asking them to download more “patches” and unwanted programs.
Dodgy Chrome extension installed by 200,000+ users
A concerned BleepingComputer reader reached out to us on seeing a Chrome add-on “operating malicious websites by impersonating well-known software.”
And their concern seems valid. The ‘Internet Download Manager’ browser extension installed by more than 200,000 users so far doesn’t seem all that innocent.
There does exist a legitimate Windows program called Internet Download Manager, published by software company Tonec.
Tonec does offer Internet Download Manager extensions for Firefox and Chrome. However, the genuine Chrome extension provided by the company is called ‘IDM Integration Module.’
Further, Tonec’s FAQ specifically warns, “Please note that all IDM extensions that can be found in Google Store are fake and should not be used.”
In contrast, the counterfeit ‘Internet Download Manager’ Chrome extension seems to be maintained by a website called “Puupnewsapp” that claims “it increases your download speed up to 500%” making it a “super software” for downloading games, movies, music, and “large files in minutes.” Sounds promising.
The instructions provided by the knock-off extension are even more perplexing: why does one need to download and install multiple programs after installing the extension?
Specifically, upon installing ‘Internet Download Manager,’ users are now asked to install an executable from the puupnewsapp website, and additionally download a “Windows patch” ZIP file:
hxxps://www.puupnewsapp[.]com/idman638build25.exe
hxxps://www.puupnewsapp[.]com/windows.zip
The ‘idman638build25.exe’ executable appears to be a valid, signed version of the legitimate Tonec Internet Download Manager.
The ‘windows.zip’ archive analyzed by BleepingComputer contains both 32-bit and 64-bit versions of NodeJS, and executes JavaScript code to alter Chrome and Firefox registry settings.
Alters search engines, promotes spam
What also stood out to us was that installing the extension in a test environment changed the default browser search engine to smartwebfinder[.]com.
Frequent pop-ups urging the user to install more add-ons, such as for Firefox, were also observed, as was the extension launching third-party sites in the browser.
Thankfully, reviewers, some from as early as 2019, seem to have noticed the dodgy behavior, although plenty of (possibly inauthentic) reviewers claim to have no issues with the extension.
BleepingComputer readers have previously reported issues with similar rogue extensions they had found on the Chrome Web Store.
The details of the counterfeit extension are as follows:
Extension ID: lcdlanlaneooailnebnhamiiieebikid
.crx hash (SHA-256): b4b47730b62592c21368c2546e578342fff8383693e89211155c2d61d88058ba
Web Store URL: hxxps://chrome.google[.]com/webstore/detail/internet-download-manager/lcdlanlaneooailnebnhamiiieebikid?hl=en
BleepingComputer reached out to Tonec for comment, and we have also notified Google of the malicious extension prior to publishing.
A quick search on the Chrome Web Store for “IDM,” “IDM integration add-ons,” or “Download Manager” will yield results containing extensions with hundreds of thousands of user installs, and favorable reviews that may appear promising.
While not all of these extensions may be harmful, users should be cautious when installing new Chrome extensions and verify if these are official versions published by trusted software vendors.
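An added example, not BleepingComputer's code: a Python check that looks for the extension ID listed above in a Chrome user-data directory and compares any .crx files against the listed SHA-256. The `<User Data>/<profile>/Extensions/<id>/<version>/` layout is Chrome's own; the function names, the sample tree and its version folder are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Indicators copied from the article's list above.
BAD_EXTENSION_ID = "lcdlanlaneooailnebnhamiiieebikid"
BAD_CRX_SHA256 = "b4b47730b62592c21368c2546e578342fff8383693e89211155c2d61d88058ba"

def find_installed(user_data_dir, bad_id=BAD_EXTENSION_ID):
    """Return sorted (profile, version, manifest name) for each unpacked copy of bad_id.
    Chrome unpacks extensions to <User Data>/<profile>/Extensions/<id>/<version>/."""
    hits = []
    for manifest in Path(user_data_dir).glob(f"*/Extensions/{bad_id}/*/manifest.json"):
        try:
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "?")
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        version_dir = manifest.parent
        hits.append((version_dir.parents[2].name, version_dir.name, name))
    return sorted(hits)

def find_crx_by_hash(search_dir, bad_sha256=BAD_CRX_SHA256):
    """Return .crx files under search_dir whose SHA-256 equals bad_sha256."""
    matches = []
    for crx in Path(search_dir).rglob("*.crx"):
        digest = hashlib.sha256()
        with crx.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        if digest.hexdigest() == bad_sha256.lower():
            matches.append(crx)
    return sorted(matches)

def build_sample(root):
    """Constructed test tree: one clean profile, one holding the flagged ID."""
    clean = Path(root) / "Default" / "Extensions" / ("a" * 32) / "1.0_0"
    dirty = Path(root) / "Profile 1" / "Extensions" / BAD_EXTENSION_ID / "6.38_0"
    for d, name in ((clean, "Sample Notes"), (dirty, "Internet Download Manager")):
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name}))
    (Path(root) / "sample.crx").write_bytes(b"constructed bytes, not the real package")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(tmp)
        print(find_installed(root))    # flagged ID found under "Profile 1"
        print(find_crx_by_hash(root))  # [] : the sample .crx is not the real file
```

On a real machine, pass the Chrome user-data directory (for example `%LOCALAPPDATA%\Google\Chrome\User Data` on Windows) to `find_installed` and a downloads or software-distribution folder to `find_crx_by_hash`.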