CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Last scanned: about 5 hours ago

Extension Details

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension presents significant trust concerns due to missing critical information. The name, description, author, and developer details are all blank, which is highly unusual and suspicious for a legitimate extension. With no user count, rating information, or identifiable developer, there are no positive trust indicators to evaluate. The lack of transparency raises immediate red flags about the extension's legitimacy and intentions.

Concerns:

The extension requests an extremely broad and invasive set of permissions that far exceed what most legitimate extensions require. The combination of all_urls access, webRequest interception, cookie manipulation, download capabilities, and universal content script injection creates a perfect storm for malicious activity. The extension can essentially monitor, modify, and control all web browsing activity, access sensitive data across all websites, manipulate downloads, steal authentication cookies, and inject malicious code anywhere. The duplicate storage permission listing suggests poor development practices or potential obfuscation attempts.

Recommendations:

Do not install this extension under any circumstances. The combination of missing developer information, excessive permissions, and critical security findings makes this extension extremely dangerous. If you have already installed it, remove it immediately and consider running a security scan. The broad permissions could enable data theft, credential harvesting, financial fraud, or complete browser compromise. Even running in a separate profile would not adequately mitigate these risks given the extension's capabilities.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: <all_urls>

This extension has the <all_urls> permission. Can access all websites and their content. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: downloads

This extension has the downloads permission. Can download files and access download history. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: contextMenus

This extension has the contextMenus permission. Can add items to the context menu.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
sidePanel
downloads
cookies
webRequest
activeTab
<all_urls>
tabs
contextMenus
storage
notifications

Host Permissions:

*://*/*
<all_urls>

Embedded URLs (76 total):

https://pan.baidu.com	http://pcsdata.baidu.com/
https://netdisk-v20.cdn.bcebos.com/sdk/	https://netdisk-v20.cdn.bcebos.com/sdk/fitype_icon_folder.png
https://netdisk-v20.cdn.bcebos.com/sdk/fitype_icon_sharefolder.png	https://staticwx.cdn.bcebos.com/mini-program/images/
https://netdisk-v20.cdn.bcebos.com/sdk/fitype_icon_allfolder.png	https://pcsdata.baidu.com/
https://www.instagram.com/graphql/query/?query_hash=2c4c2e343a8f64c625ba02b2aa12c7f8&variables=%7B%22shortcode%22:%22	http://www.w3.org/2000/svg
http://www.w3.org/1999/xlink	https://npms.io/search?q=ponyfill.
https://element-plus.org/en-US/component/button.html#button-attributes	https://element-plus.org/en-US/component/calendar.html#slots
https://github.com/vuejs/vue-next/pull/2485	https://element-plus.org/en-US/component/dialog.html#slots
https://element-plus.org/en-US/component/dialog.html#attributes	https://element-plus.org/en-US/component/drawer.html#slots
https://element-plus.org/en-US/component/drawer.html#attributes	https://element-plus.org/en-US/component/menu.html#submenu-attributes
https://github.com/element-plus/element-plus/issues/11415	https://element-plus.org/en-US/component/select.html#select-attributes
https://element-plus.org/en-US/component/switch.html#attributes	https://element-plus.org/en-US/component/tabs.html#attributes
https://staticsns.cdn.bcebos.com/amis/2023-4/1681972511270/logo.png	https://staticsns.cdn.bcebos.com/amis/2023-4/1681972999351/detect.png
https://staticsns.cdn.bcebos.com/amis/2023-4/1681975954549/file_download.png	https://staticsns.cdn.bcebos.com/amis/2023-4/1682499328006/remote_error.png
https://staticsns.cdn.bcebos.com/amis/2023-4/1681973633794/remote.png	https://staticsns.cdn.bcebos.com/amis/2023-4/1681974094878/pc_gray.png
https://staticsns.cdn.bcebos.com/amis/2023-4/1681974095261/remote_gray.png	https://staticsns.cdn.bcebos.com/amis/2023-4/1681975776224/close.png
https://staticsns.cdn.bcebos.com/amis/2024-5/1717049655707/translate.png	https://staticsns.cdn.bcebos.com/amis/2024-5/1717126030110/done.png
https://staticsns.cdn.bcebos.com/amis/2024-3/1710407483799/airead.png	https://staticsns.cdn.bcebos.com/amis/2024-3/1710932636335/demo.png
https://clients2.google.com/service/update2/crx	http://yhh.pan.baidu.com:9900/aipan/search?clientEnd=extension
https://passport.baidu.com	https://staticsns.cdn.bcebos.com/amis/2023-4/1681985982179/back.png
https://staticsns.cdn.bcebos.com/amis/2023-4/1681984586698/video.png	https://www.instagram.com/
https://pan.baidu.com/disk/main#/index?category=all&path=%2F%E6%9D%A5%E8%87%AA%EF%BC%9A%E7%99%BE%E5%BA%A6%E7%BD%91%E7%9B%98%E4%BF%9D%E5%AD%98%E5%B7%A5%E5%85%B7	https://staticsns.cdn.bcebos.com/amis/2024-6/1717501624000/download.png
https://staticsns.cdn.bcebos.com/amis/2024-6/1717666206204/yiduo.svg	https://pan.baidu.com/login?redirecturl=
https://juejin.cn/	https://staticsns.cdn.bcebos.com/amis/2023-12/1702276651253/juejin.png
https://news.qq.com/	https://new.qq.com/
https://view.inews.qq.com/	https://staticsns.cdn.bcebos.com/amis/2023-12/1702535798743/tengxun.png
https://mbd.baidu.com/	https://www.baidu.com/
https://mr.baidu.com/	https://mq.mbd.baidu.com/
https://ms.mbd.baidu.com/	https://staticsns.cdn.bcebos.com/amis/2023-12/1703139558941/baidu.png
https://www.huxiu.com/	https://m.huxiu.com/
https://staticsns.cdn.bcebos.com/amis/2023-12/1702539253354/huxiu.png	https://www.bilibili.com/
https://b23.tv/	https://live.bilibili.com/
https://manga.bilibili.com/	https://show.bilibili.com/
https://staticsns.cdn.bcebos.com/amis/2023-12/1702539310365/bilibili.png	https://zhuanlan.zhihu.com/
https://www.zhihu.com/	https://staticsns.cdn.bcebos.com/amis/2023-12/1702539704876/zhihu.png
https://mp.weixin.qq.com/	https://qyapi.weixin.qq.com/
https://staticsns.cdn.bcebos.com/amis/2023-12/1702539891671/weixin.png	https://staticsns.cdn.bcebos.com/amis/2024-3/1710322222219/avator.png
https://staticsns.cdn.bcebos.com/amis/2023-11/1699877899055/doc.png	https://pan.baidu.com/login

Raw Manifest

{
  "name": "__MSG_extensionName__",
  "icons": {
    "16": "icon16.plasmo.00ac8b83.png",
    "32": "icon32.plasmo.9ad0c5b6.png",
    "48": "icon48.plasmo.cae3a6b3.png",
    "64": "icon64.plasmo.e4b604fc.png",
    "128": "icon128.plasmo.b89b7dfa.png"
  },
  "action": {
    "default_icon": {
      "16": "icon16.plasmo.00ac8b83.png",
      "32": "icon32.plasmo.9ad0c5b6.png",
      "48": "icon48.plasmo.cae3a6b3.png",
      "64": "icon64.plasmo.e4b604fc.png",
      "128": "icon128.plasmo.b89b7dfa.png"
    },
    "default_popup": "popup.html"
  },
  "author": "netdisk-fe",
  "version": "1.0.7",
  "commands": {
    "ai_read": {
      "description": "AI看",
      "suggested_key": {
        "mac": "Command+Shift+8",
        "default": "Ctrl+Shift+8"
      }
    },
    "open_home": {
      "description": "打开主页",
      "suggested_key": {
        "mac": "Command+Shift+1",
        "default": "Ctrl+Shift+1"
      }
    },
    "screenshot": {
      "description": "自由滑选截图",
      "suggested_key": {
        "mac": "Command+Shift+9",
        "default": "Ctrl+Shift+9"
      }
    },
    "upload_screenshot": {
      "description": "截图并上传",
      "suggested_key": {
        "mac": "Command+Shift+0",
        "default": "Ctrl+Shift+0"
      }
    }
  },
  "background": {
    "type": "module",
    "service_worker": "background.d0591844.js"
  },
  "options_ui": {
    "page": "options.html",
    "open_in_tab": true
  },
  "side_panel": {
    "default_path": "/tabs/sidePanel.html"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extensionDescription__",
  "permissions": [
    "storage",
    "sidePanel",
    "downloads",
    "cookies",
    "webRequest",
    "activeTab",
    "<all_urls>",
    "tabs",
    "contextMenus",
    "storage",
    "notifications"
  ],
  "default_locale": "zh_CN",
  "content_scripts": [
    {
      "js": [
        "contentInit.6b646005.js"
      ],
      "css": [],
      "run_at": "document_end",
      "matches": [
        "<all_urls>"
      ],
      "all_frames": true
    },
    {
      "js": [
        "contents.4683de87.js"
      ],
      "css": [
        "tabs/screenShot.971124af.css"
      ],
      "matches": [
        "<all_urls>"
      ]
    },
    {
      "js": [
        "urlChange.9c3c38f4.js"
      ],
      "css": [],
      "matches": [
        "<all_urls>"
      ]
    },
    {
      "js": [
        "contents.c10c11b1.js"
      ],
      "css": [
        "tabs/screenShot.971124af.css"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "host_permissions": [
    "*://*/*",
    "<all_urls>"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "*://*.baidu.com/*",
      "*://*.baidu-int.com/*"
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "conetentInit*.js"
      ]
    },
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "urlChange.56155827.js"
      ]
    },
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "logo.f0eeaff4.png",
        "upload.4e526cd0.png",
        "airead.1651525b.png",
        "screenshot.a2155691.png",
        "open.ee7b240f.png",
        "sniff.37f54d09.png",
        "sniff_gray.340a8f2e.png",
        "contents.86356295.svg",
        "contents.7578acc3.css"
      ]
    },
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "logo.f0eeaff4.png",
        "upload.4e526cd0.png",
        "airead.1651525b.png",
        "screenshot.a2155691.png",
        "open.ee7b240f.png",
        "sniff.37f54d09.png",
        "sniff_gray.340a8f2e.png",
        "contents.86356295.svg",
        "contents.7578acc3.css"
      ]
    }
  ]
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (76 total):

Raw Manifest

Detections

Manifest Findings