We were recently notified about a suspicious browser extension for Google Chrome. Suspicious because it was called “Avast Free Antivirus 2014”, while our browser extension is actually called Avast Online Security. You can see the fake extension along with our official ones in the screenshots from the Chrome Web Store.
The extension looks professional, featuring screenshots of the PC version of Avast 2014 and a good rating of 4 stars. It is so well done that it may trick users into installing it, and indeed almost 2,000 users fell for this.
After installation, the only thing that is added is the little icon between the search bar and the options button, as can be seen in the screenshot above, where the extension is already installed.
Viewing the extension code reveals that it is surprisingly lightweight. It merely opens a new tab with a predefined URL when the Avast icon is clicked.
The website, fortunately, is not malicious at all, so there is nothing harmful to the user, other than deceiving them with a false sense of security. The author of the extension created many more extensions, each leading to a different landing page on the same domain. The only comfort we took from this malicious extension was that our extension was the most downloaded one! That confirms to us that our service is valued (and needed!).
To get the authentic Avast Online Security app for your browser, please visit us on the Chrome Web Store.
“Who wouldn’t want to have more likes on their Facebook page?” This is the motivation behind a very trivial piece of code for getting more likes. While other methods usually consist of adding better content or advertising, this one is a bit easier, and much dirtier. Why not show the like button directly beneath the mouse cursor as the visitor browses a website, make it invisible, and move it as the mouse moves?
The only thing the victim has to do is click; if they are logged in to Facebook, they will automatically like the Facebook page. And of course, it is not only about the number of likes: each like means the victim will get all the information about this page in their news feed (until they unlike the page), and all of their friends will also see that they like it, so why not check it out themselves?
This method is possible thanks to the Like Button, a social plugin for Facebook, made by Facebook developers. It is used properly on many legitimate sites, but when it is combined with CSS hiding and JavaScript-driven movement, the victim is left with no chance. If you want to know how to minimize the impact of such tactics, or if you are more into technical details, read on.
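The combination described above (a Like Button frame that is invisible and stays under the cursor) can be checked for from the defender's side. The following is an added example, not code from the original post; the frame objects, field names and the `/plugins/like` path check are assumptions made for illustration.

```javascript
// Added example. Frame objects are constructed stand-ins for values a content
// script would read from getComputedStyle(iframe), iframe.src and
// getBoundingClientRect(), sampled on successive mousemove events.

// True only for the Like plugin on a real facebook.com host.
function isLikePlugin(src) {
  let url;
  try { url = new URL(src); } catch { return false; }
  const host = url.hostname.toLowerCase();
  const onFacebook = host === "facebook.com" || host.endsWith(".facebook.com");
  return onFacebook && url.pathname.startsWith("/plugins/like");
}

// True when the frame moved between samples yet always covered the pointer.
function followsPointer(samples) {
  if (!samples || samples.length < 2) return false;
  const first = samples[0];
  const moved = samples.some(s => s.left !== first.left || s.top !== first.top);
  const covered = samples.every(s =>
    s.mouseX >= s.left && s.mouseX <= s.left + s.width &&
    s.mouseY >= s.top && s.mouseY <= s.top + s.height);
  return moved && covered;
}

// Returns the reasons a Like-button frame looks like a clickjacking overlay.
function auditFrame(frame) {
  const reasons = [];
  if (!isLikePlugin(frame.src)) return reasons;
  if (parseFloat(frame.opacity) < 0.1) reasons.push("invisible");
  if (followsPointer(frame.samples)) reasons.push("tracks cursor");
  return reasons;
}

// Constructed sample data: an ordinary footer button and a hidden, moving one.
const LIKE = "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com";
const footerButton = { src: LIKE, opacity: "1", samples: [
  { mouseX: 300, mouseY: 120, left: 20, top: 600, width: 90, height: 20 },
  { mouseX: 340, mouseY: 180, left: 20, top: 600, width: 90, height: 20 } ] };
const overlay = { src: LIKE, opacity: "0", samples: [
  { mouseX: 300, mouseY: 120, left: 290, top: 115, width: 20, height: 10 },
  { mouseX: 340, mouseY: 180, left: 330, top: 175, width: 20, height: 10 } ] };

console.log(auditFrame(footerButton), auditFrame(overlay));
```

A legitimate, visible button that happens to sit under the pointer is not flagged, because it neither moves nor has near-zero opacity.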
Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks garbled, with no apparent meaning, and starts like this: