Pages:
Author

Topic: Opps, Google did it again - page 2. (Read 382 times)

hero member
Activity: 1344
Merit: 540
July 20, 2020, 10:16:27 AM
#1
1. Go to Google

2. Type "ledger live'

3. The first search returns an Ad, looks legit right?



4. But when you click on it, you will be redirected to ... wait for it.

5. A fake and malicious apps on their Google chrome store.

Code:
https://chrome.google.com/webstore/detail/nanoledger/oiekmlochkbifklpcbokmbbpihdneoln



Checking a bit further (curiosity kicks in), looking at the manifest.json, seems to be writing to a google docs file here:
Code:
https://clients2.google.com/service/update2/crx

Below is the complete code.

Code:
{
   "browser_action": {
      "default_icon": {
         "256": "icons/icon-256.png"
      },
      "default_popup": "index.html",
      "default_title": "NanoLedger"
   },
   "description": "New NanoLedger, more secure, fast confirm transaction.",
   "icons": {
      "128": "icons/icon-128.png",
      "16": "icons/icon-16.png",
      "32": "icons/icon-32.png",
      "64": "icons/icon-64.png"
   },
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgx54FjY2SgL8lJFz8BdKMXyOUbI2vCy20X15LMjcPPQpHLDLXWx1j2kVU3NuiL6mA80IbYfZWcs2I0/c0+st30ktRbSbGtoUVenJtWbBzMxHT2vnYe8SzjGwY6nCH467QrW6Yakfb2auHWmTDu380mV2Cx8lW47K9fnGS8d4t9suXSrjZFyo4prBEO5JK7w4xDiGHMXJw4iql3DmoQcBxZGSZiS8jhy54UOjB3Tr6u1vJITSCV2CPmr7+8sHpDCffjXJ6cIiJ6N5eD/nY3mSEuwuhy78NKnTuxsBUJTRlkf6nYWntVeEgfw7PE+rN0u+ZS8pTdQLRy7PNt//5gzp5wIDAQAB",
   "manifest_version": 2,
   "name": "NanoLedger",
   "update_url": "https://clients2.google.com/service/update2/crx",
   "version": "1.0"

So please kindly help me report this malicious apps...
Pages:
Jump to: