[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

CK-Authenticator G3

Version 5.0 View in Chrome Web Store

Last scanned: about 5 hours ago

Extension Details

Developer: packetkeeper.net

Rating: 1.1 ★ (80 ratings)

Users: 2,000,000

Context-Aware Verdict

CRITICAL

Overall Risk

Trust Factors:

The extension has a substantial user base of 2 million users, which suggests some level of adoption. However, the extremely low rating of 1.1 out of 5 stars from 80 reviews is a major red flag indicating widespread user dissatisfaction or potential malicious behavior. The developer "packetkeeper.net" lacks clear company information or reputation indicators.

Concerns:

The extension exhibits multiple severe security risks that are disproportionate to what an authenticator should require. The combination of webRequest and webRequestBlocking permissions with all_urls host access creates a dangerous capability to intercept, modify, and block all web traffic. The identity permission adds another layer of concern by potentially exposing user identity information. The unsafe WebAssembly execution policy could hide malicious code. Most critically, these extensive permissions far exceed what a legitimate authenticator would need - authentic two-factor authentication tools typically require minimal permissions.

Recommendations:

Do not install this extension. The combination of critical security risks, extremely poor user ratings, and excessive permissions strongly suggests malicious intent. If you need an authenticator, use established alternatives like Google Authenticator, Authy, or Microsoft Authenticator. If already installed, remove it immediately and scan your system for potential compromise. Consider changing passwords for any accounts accessed while this extension was active.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

Dangerous Permission Combination: webRequest + webRequestBlocking

This extension can intercept, modify, and block web requests in real-time. This combination could be used to modify sensitive web traffic or steal data.

HIGH

High-Risk Permission: identity

This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequest

This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: webRequestBlocking

This extension has the webRequestBlocking permission. Can block and modify web requests in real-time. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

Raw Manifest

{
  "name": "CK-Authenticator G3",
  "icons": {
    "16": "img/ckauth19x.png",
    "32": "img/ckauth19x.png",
    "48": "img/ckauth19x.png",
    "128": "img/ckauth19x.png"
  },
  "action": {
    "default_icon": "img/ckauth19x.png",
    "default_popup": "popup.html"
  },
  "version": "5.0",
  "background": {
    "service_worker": "serviceWorker.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "ContentKeeper Authenticator G3",
  "permissions": [
    "webRequest",
    "webRequestBlocking",
    "identity",
    "identity.email"
  ],
  "offline_enabled": true,
  "host_permissions": [
    "<all_urls>"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
  },
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "img/ckauth19x.png"
      ]
    }
  ]
}

by ✦ Astarte

CK-Authenticator G3

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings