Home > The Newbie Zone > Questions and Answers

Came across a very shady page (5)

03-04-2017 09:50 AM #1 whysoez (Member)
Came across a very shady page

Hi,

Was browsing a torrent site and clicked on a native ad. The ad led me to a generic link like "tkjdkjskdw3e.info" with no content on it. The page them immediately forced my chrome browser window to go fullscreen. Then there was a popup on my screen prompting me to add an extension to Chrome and a background auto-playing voice stating "Click up to close this page" It wouldn't let me exit the fullscreen (it went auto full screen even when I kept pressing the "Esc" button. I had to Alt+TAB my way out of it.

So the advertiser definitely wanted me to force me into install this extension. I thought it'd be a generic search monetization extension but I wanted to verify first. So I looked into the extension in Chrome store and it had a generic name like "Miusdj," no screenshots, no description, no ratings and zero users. I'm not even sure why it exists.

So then I try to visit the URL of that shady page a few minutes later, and I get an error "Not Found The requested URL /fd939xjj/kjkuhi.php was not found on this server."

Some questions:
1. Is it possible to get my PC infected/ransomared via a browser extension?
2. What script/settings does one need to set up so that each user is served a unique page that's inaccessible after a few minutes?
3. What could the possible purpose of this extension have this been?

Felt super black hat. Never seen anything like this. Also felt like it was somehow targeted to me or intended to be cloaked due to the fact that the URL seemed to be dynamically generated and went inaccessible soon after.

03-04-2017 04:25 PM #2 manu_adefy (Veteran Member)

Sounds like some Chrome extension offer ran in a blackhat way by an affiliate.

Usually, and I stress usually, it's not any threat, it's the standard angle people use for most tools for both mobile and desktop devices. And the reason it looks so funky and is not accessible after some time is cloaking.

03-04-2017 11:21 PM #3 whysoez (Member)

Thanks. I don't even know if it was an actual affiliate offer because the extension itself had no actual name, no screenshots, no users, no contact info and no description.

03-05-2017 10:15 AM #4 erikgyepes (Moderator)

Could be also one of those cookie stuffing extensions.

Saw a few for Aliexpress and other ecommerce affiliate offers..

03-06-2017 11:52 AM #5 whysoez (Member)

Quote Originally Posted by erikgyepes View Post
Could be also one of those cookie stuffing extensions.

Saw a few for Aliexpress and other ecommerce affiliate offers..
That one makes sense. I just rechecked and it seems the extension is no longer on Google chrome webstore. Do you know if Google automatically deletes the extension from user's browser at the same time it's removed from Chrome webstore for abuse, etc?

Home > The Newbie Zone > Questions and Answers