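[Tech Sharing] Chrome is watching you: some extensions have backdoors
This post was highlighted by valen (2020-06-22)
I saw on Twitter that as many as 111 extensions in the Chrome Web Store were secretly collecting users' sensitive data. Together they had been downloaded 32.96 million times, and Google has now removed them from the store. These malicious extensions were found to collect screenshots, device clipboard contents, browser cookies for the sites users log in to, and keystrokes such as passwords. The vast majority of the extensions are modular and, once installed, can be updated with executable files.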
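Everyone can follow the steps below to check whether they have been hit.
1. Enter chrome://extensions/ in Chrome to open the extensions page.
2. On that page press F12, run the following code in the Console and press Enter. ✅ means no risk, ❌ means a risky item.
// https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt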
malicious = [ "acmnokigkgihogfbeooklgemindnbine", "apgohnlmnmkblgfplgnlmkjcpocgfomp", "apjnadhmhgdobcdanndaphcpmnjbnfng", "bahkljhhdeciiaodlkppoonappfnheoi", "bannaglhmenocdjcmlkhkcciioaepfpj", "bgffinjklipdhacmidehoncomokcmjmh", "bifdhahddjbdbjmiekcnmeiffabcfjgh", "bjpknhldlbknoidifkjnnkpginjgkgnm", "blngdeeenccpfjbkolalandfmiinhkak", "ccdfhjebekpopcelcfkpgagbehppkadi", "cceejgojinihpakmciijfdgafhpchigo", "cebjhmljaodmgmcaecenghhikkjdfabo", "chbpnonhcgdbcpicacolalkgjlcjkbbd", "cifafogcmckphmnbeipgkpfbjphmajbc", "clopbiaijcfolfmjebjinippgmdkkppj", "cpgoblgcfemdmaolmfhpoifikehgbjbf", "dcmjopnlojhkngkmagminjbiahokmfig", "deiiiklocnibjflinkfmefpofgcfhdga", "dipecofobdcjnpffbkmfkdbfmjfjfgmn", "dopkmmcoegcjggfanajnindneifffpck", "dopmojabcdlfbnppmjeaajclohofnbol", "edcepmkpdojmciieeijebkodahjfliif", "ekbecnhekcpbfgdchfjcfmnocdfpcanj", "elflophcopcglipligoibfejllmndhmp", "eogfeijdemimhpfhlpjoifeckijeejkc", "fcobokliblbalmjmahdebcdalglnieii", "fgafnjobnempajahhgebbbpkpegcdlbf", "fgcomdacecoimaejookmlcfogngmfmli", "fgmeppijnhhafacemgoocgelcflipnfd", "fhanjgcjamaagccdkanegeefdpdkeban", "flfkimeelfnpapcgmobfgfifhackkend", "fmahbaepkpdimfcjpopjklankbbhdobk", "foebfmkeamadbhjcdglihfijdaohomlm", "fpngnlpmkfkhodklbljnncdcmkiopide", "gdifegeihkihjbkkgdijkcpkjekoicbl", "gfcmbgjehfhemioddkpcipehdfnjmief", "gfdefkjpjdbiiclhimebabkmclmiiegk", "ggijmaajgdkdijomfipnpdfijcnodpip", "ghgjhnkjohlnmngbniijbkidigifekaa", "gllihgnfnbpdmnppfjdlkciijkddfohn", "gmmohhcojdhgbjjahhpkfhbapgcfgfne", "gofhadkfcffpjdbonbladicjdbkpickk", "hapicipmkalhnklammmfdblkngahelln", "hijipblimhboccjcnnjnjelcdmceeafa", "hmamdkecijcegebmhndhcihjjkndbjgk", "hodfejbmfdhcgolcglcojkpfdjjdepji", "hpfijbjnmddglpmogpaeofdbehkpball", "ianfonfnhjeidghdegbkbbjgliiciiic", "ibfjiddieiljjjccjemgnoopkpmpniej", "inhdgbalcopmbpjfincjponejamhaeop", "iondldgmpaoekbgabgconiajpbkebkin", "ipagcbjbgailmjeaojmpiddflpbgjngl", "jagbooldjnemiedoagckjomjegkopfno", "jdheollkkpfglhohnpgkonecdealeebn", "jfefcmidfkpncdkjkkghhmjkafanhiam", 
"jfgkpeobcmjlocjpfgocelimhppdmigj", "jghiljaagglmcdeopnjkfhcikjnddhhc", "jgjakaebbliafihodjhpkpankimhckdf", "jiiinmeiedloeiabcgkdcbbpfelmbaff", "jkdngiblfdmfjhiahibnnhcjncehcgab", "jkofpdjclecgjcfomkaajhhmmhnninia", "kbdbmddhlgckaggdapibpihadohhelao", "keceijnpfmmlnebgnkhojinbkopolaom", "khhemdcdllgomlbleegjdpbeflgbomcj", "kjdcopljcgiekkmjhinmcpioncofoclg", "kjgaljeofmfgjfipajjeeflbknekghma", "labpefoeghdmpbfijhnnejdmnjccgplc", "lameokaalbmnhgapanlloeichlbjloak", "lbeekfefglldjjenkaekhnogoplpmfin", "lbhddhdfbcdcfbbbmimncbakkjobaedh", "ldoiiiffclpggehajofeffljablcodif", "lhjdepbplpkgmghgiphdjpnagpmhijbg", "ljddilebjpmmomoppeemckhpilhmoaok", "ljnfpiodfojmjfbiechgkbkhikfbknjc", "lnedcnepmplnjmfdiclhbfhneconamoj", "lnlkgfpceclfhomgocnnenmadlhanghf", "loigeafmbglngofpkkddgobapkkcaena", "lpajppfbbiafpmbeompbinpigbemekcg", "majekhlfhmeeplofdolkddbecmgjgplm", "mapafdeimlgplbahigmhneiibemhgcnc", "mcfeaailfhmpdphgnheboncfiikfkenn", "mgkjakldpclhkfadefnoncnjkiaffpkp", "mhinpnedhapjlbgnhcifjdkklbeefbpa", "mihiainclhehjnklijgpokdpldjmjdap", "mmkakbkmcnchdopphcbphjioggaanmim", "mopkkgobjofbkkgemcidkndbglkcfhjj", "mpifmhgignilkmeckejgamolchmgfdom", "nabmpeienmkmicpjckkgihobgleppbkc", "nahhmpbckpgdidfnmfkfgiflpjijilce", "ncepfbpjhkahgdemgmjmcgbgnfdinnhk", "npaklgbiblcbpokaiddpmmbknncnbljb", "npdfkclmbnoklkdebjfodpendkepbjek", "nplenkhhmalidgamfdejkblbaihndkcm", "oalfdomffplbcimjikgaklfamodahpmi", "odnakbaioopckimfnkllgijmkikhfhhf", "oklejhdbgggnfaggiidiaokelehcfjdp", "omgeapkgiddakeoklcapboapbamdgmhp", "oonbcpdabjcggcklopgbdagbfnkhbgbe", "opahibnipmkjincplepgjiiinbfmppmh", "pamchlfnkebmjbfbknoclehcpfclbhpl", "pcfapghfanllmbdfiipeiihpkojekckk", "pchfjdkempbhcjdifpfphmgdmnmadgce", "pdpcpceofkopegffcdnffeenbfdldock", "pgahbiaijngfmbbijfgmchcnkipajgha", "pidohlmjfgjbafgfleommlolmbjdcpal", "pilplloabdedfmialnfchjomjmpjcoej", "pklmnoldkkoholegljdkibjjhmegpjep", "pknkncdfjlncijifekldbjmeaiakdbof", "plmgefkiicjfchonlmnbabfebpnpckkk", "pnciakodcdnehobpfcjcnnlcpmjlpkac", 
"ponodoigcmkglddlljanchegmkgkhmgb", ];
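// Walk the shadow DOM of the chrome://extensions page to reach each installed extension's card
document
  .querySelector("extensions-manager")
  .shadowRoot.querySelector("cr-view-manager extensions-item-list")
  .shadowRoot.querySelectorAll("extensions-item")
  .forEach((item) => {
    const name = item.shadowRoot.querySelector("#name").innerText;
    // item.id is the 32-character extension ID; compare it against the list above
    if (malicious.includes(item.id)) {
      console.log("❌", item.id, name);
    } else {
      console.log("✅", item.id, name);
    }
  });
3. Remove the extensions flagged as risky.
I checked the extensions I have installed and found no problems. Quite a few people online have reported being hit, and so far there is no really good solution.
I also checked the extensions shared in my earlier post "Chrome Browser Extension Solution for Circumventing Internet Censorship" and found no problems.
(Link) /htm_data/2002/7/3826752.html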
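On Linux you can use the following commands to check whether you have been hit:
cd /home/$USER/.config/chromium/Default/Extensions
ls -a > list.txt
wget awakesecurity.com/wp-content/upl…
# IDs printed here are both installed and on the malicious list
comm -12 <( sort list.txt ) <( sort GalComm-Malicious-Chrome-Extensions-Appendix-B.txt )
If you really have been hit, I suggest you stop using your installed copy of Chrome for now and switch to Microsoft Edge for a while.
Frankly, the data-privacy solutions on the market today are all too complicated and the barrier to using them is high, so people have simply given up on this area. The world's largest DNA database, the largest facial database, the largest digital household-registration system... and plenty more.
Walking down the street and seeing the surveillance equipment named SkyNet hanging high overhead, apart from the line "the snowflakes drift, the north wind howls", only Li Qingzhao's "searching and seeking, cold and cheerless, dreary, dismal and sad" can describe it.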
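The Linux check in the post looks only at the Default profile; as an added example (not part of the original post), the shell function below walks every profile under a browser user-data directory and reports installed extension IDs that appear in a locally saved blocklist, tolerating CRLF line endings that would make a plain `comm` comparison miss matches. It assumes the blocklist holds one ID per line; the function name, the demo directory layout and the two sample IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: the blocklist is a local text file with one extension ID per line,
# and each profile keeps its extensions in <user-data-dir>/<profile>/Extensions/<id>/.

# Print "<profile><TAB><id>" for every installed extension found on the blocklist.
# usage: scan_extensions <user-data-dir> <blocklist-file>
scan_extensions() {
    data_dir=$1
    blocklist=$2
    # Normalise the blocklist: drop CRs and blanks, keep only well-formed IDs
    # (Chrome extension IDs are 32 characters drawn from a-p).
    clean=$(mktemp) || return 2
    tr -d '\r \t' < "$blocklist" | LC_ALL=C grep -E '^[a-p]{32}$' | sort -u > "$clean"

    for ext_dir in "$data_dir"/*/Extensions; do
        [ -d "$ext_dir" ] || continue          # no profiles matched the glob
        profile=$(basename "$(dirname "$ext_dir")")
        for path in "$ext_dir"/*/; do
            [ -d "$path" ] || continue
            id=$(basename "$path")
            # Exact, whole-line match against the cleaned blocklist
            if grep -Fxq "$id" "$clean"; then
                printf '%s\t%s\n' "$profile" "$id"
            fi
        done
    done
    rm -f "$clean"
}

# Constructed demo: a fake user-data dir with two profiles and a CRLF blocklist.
demo=$(mktemp -d)
bad=aaaabbbbccccddddeeeeffffgggghhhh    # constructed ID, not a real extension
ok=ppppoooonnnnmmmmllllkkkkjjjjiiii     # constructed ID, not a real extension
mkdir -p "$demo/Default/Extensions/$ok/1.0_0" "$demo/Profile 1/Extensions/$bad/1.0_0"
printf '%s\r\n' "$bad" > "$demo/blocklist.txt"
scan_extensions "$demo" "$demo/blocklist.txt"
rm -rf "$demo"
```

For Chromium on Linux the user-data directory is ~/.config/chromium, as in the post; Google Chrome uses ~/.config/google-chrome.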