CRXaminer

Version 5.12

Last scanned: about 6 hours ago

Extension Details

Context-Aware Verdict

Overall Risk: CRITICAL

Trust Factors:

The extension presents significant trust concerns due to missing critical information. The absence of a name, description, author details, user count, ratings, and last update date makes it impossible to verify legitimacy or assess developer reputation. This lack of transparency is a major red flag, as legitimate extensions typically provide comprehensive metadata to build user confidence.

Concerns:

The extension requests an extremely powerful and dangerous combination of permissions that creates multiple attack vectors. The tabs permission combined with webRequest allows complete monitoring and manipulation of browsing activity. The broad host permissions (<all_urls>) grant unrestricted access to all websites, while content script injection capabilities enable the extension to read sensitive data, modify any webpage, or steal credentials across the entire web. The storage permission, while seemingly benign, could be used to persist stolen data or maintain tracking information. This permission set is characteristic of malware or highly invasive surveillance tools.

Recommendations:

Do not install this extension under any circumstances. The critical risk level, combined with missing developer information and excessive permissions, suggests this could be malicious software. If you must analyze suspicious extensions, use a completely isolated virtual machine rather than a separate Chrome profile, as the broad permissions could potentially affect the entire system. Report this extension to the Chrome Web Store security team if encountered in the wild.

Findings

HIGH: Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

HIGH: Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH: High-Risk Permission: tabs
This extension has the tabs permission, which can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH: High-Risk Permission: webRequest
This extension has the webRequest permission, which can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

MEDIUM: Medium-Risk Permission: storage
This extension has the storage permission, which can store data locally.