Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Bula Vinaka
Oct 21, 2020

Beachside!


Recently, the author of Nano Ad Blocker and Nano Defender sold his applications to software developers that he says he didn't have any reason to not trust or be suspicious of.

It turned out that they were malware authors and quickly pushed out updates that contain malicious code that sends all kinds of user data back to their own server. It appears to mainly be targeting Facebook and Instagram. (Although the malware is such that the authors had control to target any website the user accessed.)

https://www.zdnet.com/article/googl...ting-user-data/

https://github.com/jspenguin2017/Snippets/issues/2

Google removed these long available extensions from its webstore. But because extensions installed from the store auto update and the user can't install updates manually, the malware versions of these extensions were available for quite some time and pushed out their code to all users who had them installed. (This is even the case on Chromium.)

Chrome AFAIK hasn't done any kind of force disabling of these extensions. I had the malware version of Nano Defender installed (version 206), and it was still running when I came across this information by chance.

Nano Ad Blocker is a fork of uBlock Origin. You can either install uBlock Origin, or enable developer mode and then do a "Load Unpacked" for the last version of Nano AdBlocker that was legit (1.0.0.153).

Nano Defender started as a sort of continuation of "Anti Adblock Killer", a script that was designed to thwart websites' attempts to detect that users were using an ad blocker. Its author got burned out, another one took over, that one got burned out, then "uBlock Protector" was started as a replacement. That project got renamed to "Nano Defender" after the author forked uBlock to "Nano AdBlocker". It worked with uBlock Origin and Nano AdBlocker, and now this author has also gotten burned out, and had no idea what he was doing when he went to sell it (in terms of insuring the new developer was trustworthy).

If you want to still use Nano Defender, you can use the last legit version (15.0.0.205). (There are extra setup steps for use with uBlock Origin.)

Only the Chrome versions of Nano Defender and Nano AdBlocker are affected. Firefox and Edge forks are still OK.

It's probably a good idea to add these lines to HOSTS:

127.0.0.1 def.dev-nano.com
127.0.0.1 dev-nano.com

Some more info about the malware, and what you should do if you had it (basically, change Facebook and Instagram passwords, then log out and log back in to those sites):

https://chris.partridge.tech/2020/e...help-for-users/

quote:

In brief, a malware operator has started approaching developers of popular Chrome Web Store extensions, which have:
  • Permission to read and modify all data on all sites (ex. adblockers, development tools).
  • A long malware-free existence (years).
  • High ratings (generally, >4.0).
  • Hundreds of thousands of active installations.
They approach these developers as an anonymous party - generally as a student or a developer just starting out - and ask to purchase rights to the extension. Sometimes those are full rights, and the malware operator assumes full control of the extension (promising to maintain it), other times they negotiate a deal where they only buy the rights to the existing extension and userbase, and allow the original author to upload a new copy of their extension.

Once control of the extensions is handed over to the developers, they load a whatever the current version of their malicious payload is, and all users who have these extensions are infected as Chrome automatically updates them - rolling out malware to hundreds of thousands of users.

Bula Vinaka fucked around with this message at 23:47 on Oct 24, 2020

Adbot
ADBOT LOVES YOU

Lil Swamp Booger Baby
Feb 17, 2011

meat


I wont

feelix
Nov 27, 2016



Thanks nerd

serious norman
Dec 13, 2007


Never.

Lil Swamp Booger Baby
Feb 17, 2011

meat



I will never remove Nano AdBlocker and Nano Defender for Chrome

Pawn 17
Dec 17, 2000

> access main security grid
access: PERMISSION DENIED.







There is a malware extension for your browser that itself is already malware?

sweet thursday
Sep 16, 2012



A lot of jerks all of a sudden. I made sure to download it just so I could remove it like you told me OP

ELI PORTER
Sep 16, 2007

I posted on Something Awful and all I got was this lousy t-shirt


Lil Swamp Booger Baby posted:

I will never remove Nano AdBlocker and Nano Defender for Chrome

Brain Curry
Feb 15, 2007

People think that I'm lazy
People think that I'm this fool because
I give a fuck about the government
I didn't graduate from high school


Nano Defender is the only brand of condom that actually fits

William Henry Hairytaint
Oct 29, 2011



It claims to be a defender but it hurts people?!

Pawn 17
Dec 17, 2000

> access main security grid
access: PERMISSION DENIED.







How dare these criminal malware authors steal my personal information! That information was meant to be sent directly to Google.

sweet thursday
Sep 16, 2012



This guy all he wanted to do was come in here and help you keep all of your protected personal informations to yourselves.

I'm of half a mind that the world sees it and sees you for the sick and twisted people you are

DeadFatDuckFat
Oct 29, 2012

This avatar brought to you by the 'save our dead gay forums' foundation.


poo poo, hey turkish dudes, I definitely didn't watch that weird japanese basilisk man porn, I just left it open in a tab

Bronze Fonz
Feb 14, 2019




thank you OP I have now installed the nano blocker

Kerning Chameleon
Apr 8, 2015

"Thus science marches on blindly, without regard to the real welfare of the human race or to any other standard, obedient only to the psychological needs of the scientists"
-Theodore Kaczynski

We Must Dissent

Is there any danger in leaving the filter lists you had to subscribe to to make Nano Defender work properly?

Frank Frank
Jun 13, 2001

Cry havoc and let slip the dogs of "meh"

Malware owns. I love malware

Bula Vinaka
Oct 21, 2020

Beachside!


Kerning Chameleon posted:

Is there any danger in leaving the filter lists you had to subscribe to to make Nano Defender work properly?

I don't think so, but personally I'd either delete them, or install Nano Defender 15.0.0.205 as an unpacked extension in developer mode if I want to keep the filter lists.

Bula Vinaka
Oct 21, 2020

Beachside!


Frank Frank posted:

Malware owns. I love malware

Things sure would be boring without it!

buglord
Jul 31, 2010




Buglord

bump

i kinda hate it when I use an app for a long time without checking up on it and it turns out its mega evil now

Spinz
Jan 7, 2020



English please

gimme the GOD DAMN candy
Jul 1, 2007


i got the message about it being malware, so i looked into it. the terrible violation this extension achieves seems to exclusively be hijacking instagram accounts to hit like on a bunch of stuff. there's no reason to keep it around, but that's the most trivial goddamn thing it could possibly do.

Lil Swamp Booger Baby
Feb 17, 2011

meat


gimme the GOD drat candy posted:

i got the message about it being malware, so i looked into it. the terrible violation this extension achieves seems to exclusively be hijacking instagram accounts to hit like on a bunch of stuff. there's no reason to keep it around, but that's the most trivial goddamn thing it could possibly do.

Is that why my work accounts suddenly got a trillion likes from randos.

Bula Vinaka
Oct 21, 2020

Beachside!


I've read from some sources that say Nano Defender is probably not really doing much of anything anymore. People have it installed and think that it's stopping "turn off your ad blocker to continue" messages, but in reality it's probably uBlock Origin that is doing that on its own, as the developers say they have been improving its ability to do this for quite some time now.

bossy lady
Jul 5, 2006



If you don't browse the internet with lynx I don't know what you're doing with your life.

Samuel L. ACKSYN
Feb 29, 2008




bossy lady posted:

don't browse the internet


this is the only good advice

peter gabriel
Nov 8, 2011

Hello Commandos


That one web tv guy is feelin pretty smug right about now

Chief McHeath
Apr 23, 2002



I used to "download" "mall warez," I'd go to Hot Topic and Spencer's Gifts and EB Games and Babbage's and steal poo poo to sell later.

RusteJuxx
Jul 14, 2001



College Slice

I've always worried uBlock Origin would get turned into malware given the level of access it needs, so this doesn't surprise me that a fork of it would eventually have this happen. I don't use Nano Defender, but thanks for the heads up.

Doc Block
Apr 15, 2003

Hello!


Fun Shoe

This is why the Safari content blocker extension system is better than using regular browser extensions: the content blocker extension never sees the content of the web pages, whereas regular browser extensions see all of it and there’s nothing preventing them from stealing your bank password etc

Moon Atari
Dec 26, 2010
https://fi.somethingawful.com/images/avatars/navi2.jpg

Hair Elf

It was only about a fortnight ago that I switched to nano from ublock while setting up my new laptop, so genuinely thanks for the heads up OP.

vyst
Aug 25, 2009





The only malware i see are your posts OP but thanks for the heads up

Statutory Ape
Sep 12, 2017




my god we're all just nano bots

gary oldmans diary
Sep 26, 2005



this seems like the sort of thing someone in advertising would do to get people to see more ads
i want to know what ops angle is

Colonel Cancer
Sep 26, 2015

I thought it was time you had a new av so typed in random picture and this is what came up


There's nothing nano about my computer binch it's all macro even the viruses

Statutory Ape
Sep 12, 2017




gary oldmans diary posted:

this seems like the sort of thing someone in advertising would do to get people to see more ads
i want to know what ops angle is

advertising 2.0: they just jack in and steal ur money

EorayMel
May 29, 2015

You got the fluffy kitty kitty!


Firefox wins again

Call Your Grandma
Jan 17, 2010



what if instead of making all these programs to suss out malware there was a program that just continuously installed bonware on your computer to balance it out?

Chinatown
Sep 11, 2001

~*Suck My Balls*~

Fun Shoe

show yourself coward

i will never uninstall

Tom Gorman
Apr 30, 2004

Out here, everything hurts




if someone steals my identity they inherit all my debt right

its like faking your own death without all the hassle

Adbot
ADBOT LOVES YOU

Code Jockey
Jan 24, 2006

you can call
but I seldom answer after all





EorayMel posted:

Firefox wins again

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply