[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

MIND

Version 2.152.1 View in Chrome Web Store

Last scanned: about 9 hours ago

Extension Details

Rating: 5.0 ★ (1 rating)

Users: 100,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension shows several concerning trust indicators. With only 1 rating despite having 100,000 users, this suggests either artificially inflated user numbers or suppressed user feedback. The perfect 5.0 rating from a single review is highly suspicious for an extension with this user base. The lack of developer information and empty description field are major red flags that indicate poor transparency and accountability.

Concerns:

The extension requests an extremely dangerous combination of permissions that far exceed what most legitimate extensions require. The identity and identity.email permissions combined with broad host access create a perfect storm for data harvesting and account compromise. The downloads permission alongside scripting capabilities could enable malicious file distribution. The nativeMessaging permission is particularly concerning as it allows communication with native applications on your system, potentially bypassing browser security boundaries. The <all_urls> host permission grants unrestricted access to every website you visit, enabling comprehensive tracking and data theft.

Recommendations:

Do not install this extension under any circumstances. The permission set combined with lack of transparency suggests this is likely malicious software. If already installed, remove it immediately and consider running a security scan. The broad permissions could have compromised sensitive accounts, so review recent account activity and consider changing passwords for important services. If you absolutely must test similar functionality, use a completely isolated browser profile with no access to personal accounts or sensitive data.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "MIND",
  "icons": {
    "16": "icons/online_16.png",
    "32": "icons/online_32.png",
    "48": "icons/online_48.png",
    "128": "icons/online_128.png"
  },
  "action": {
    "default_icon": {
      "16": "icons/offline_16.png",
      "32": "icons/offline_32.png",
      "48": "icons/offline_48.png",
      "128": "icons/offline_128.png"
    }
  },
  "version": "2.152.1",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "MIND Security Endpoint",
  "permissions": [
    "identity",
    "identity.email",
    "downloads",
    "scripting",
    "alarms",
    "storage",
    "nativeMessaging",
    "contextMenus"
  ],
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3
}

by ✦ Astarte

http://sheetjs.com	https://github.com/markedjs/marked.
https://app.mind.io/	https://api.mind.io
https://mind.io/anywhere/	https://clients2.google.com/service/update2/crx

MIND

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (6 total):

Raw Manifest

Detections

Manifest Findings