CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Last scanned: about 10 hours ago

Extension Details

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension lacks critical identifying information including name, description, author details, user count, and ratings, making it impossible to verify legitimacy or reputation. This absence of basic metadata is highly concerning and suggests either an incomplete installation or potentially malicious software attempting to hide its identity.

Concerns:

- Missing extension name and description prevents users from understanding its intended purpose

- Unknown author and developer information eliminates accountability

- Tabs permission combined with broad host permissions creates significant privacy risks

- Access to WhatsApp Web could enable message interception or manipulation

- Connection to premiumsender.app domain suggests potential commercial data harvesting

- IP geolocation access through ip-api.com raises tracking concerns

- Unlimited storage permission allows indefinite data retention

- Content script injection into WhatsApp Web enables deep integration with sensitive communications

- No visible user base or reviews to validate safety

Recommendations:

- Do not use this extension until proper identification and documentation are available

- If already installed, remove immediately and scan for potential data compromise

- If functionality is needed, find a well-documented alternative from a reputable developer

- Never install extensions without clear names, descriptions, and developer information

- Consider running unknown extensions in isolated Chrome profiles as a general security practice

The combination of missing metadata and powerful permissions makes this extension unsuitable for use.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

tabs
storage
scripting
activeTab
unlimitedStorage

Host Permissions:

https://web.whatsapp.com/*
https://premiumsender.app/*
http://ip-api.com/*

Content Security Policy:

connect-src: https://premiumsender.app/

Embedded URLs (102 total):

http://ip-api.com/json	https://premiumsender.app/
https://web.whatsapp.com/	https://wa.me/
https://clients2.google.com/service/update2/crx	http://ip-api.com/
https://npms.io/search?q=ponyfill.	https://reactjs.org/docs/error-decoder.html?invariant=
http://www.w3.org/1999/xlink	http://www.w3.org/XML/1998/namespace
http://www.w3.org/2000/svg	http://www.w3.org/1998/Math/MathML
http://www.w3.org/1999/xhtml	https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css
https://fonts.googleapis.com/css2?family=Inter:ital	http://fb.me/use-check-prop-types
http://schemas.openxmlformats.org/package/2006/metadata/core-properties	http://schemas.openxmlformats.org/officeDocument/2006/custom-properties
http://schemas.openxmlformats.org/officeDocument/2006/extended-properties	http://schemas.openxmlformats.org/package/2006/content-types
http://schemas.openxmlformats.org/package/2006/relationships	http://schemas.microsoft.com/office/spreadsheetml/2018/threadedcomments
http://purl.org/dc/elements/1.1/	http://purl.org/dc/terms/
http://purl.org/dc/dcmitype/	http://schemas.microsoft.com/office/mac/excel/2008/main
http://schemas.openxmlformats.org/officeDocument/2006/relationships	http://schemas.openxmlformats.org/package/2006/sheetjs/core-properties
http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes	http://www.w3.org/2001/XMLSchema-instance
http://www.w3.org/2001/XMLSchema	http://schemas.openxmlformats.org/spreadsheetml/2006/main
http://purl.oclc.org/ooxml/spreadsheetml/main	http://schemas.microsoft.com/office/excel/2006/main
http://schemas.microsoft.com/office/excel/2006/2	http://www.w3.org/TR/REC-html40
http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument	http://sheetjs.openxmlformats.org/officeDocument/2006/relationships/officeDocument
http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink	http://schemas.openxmlformats.org/officeDocument/2006/relationships/vmlDrawing
http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLinkPath	http://schemas.microsoft.com/office/2006/relationships/xlExternalLinkPath/xlPathMissing
http://schemas.openxmlformats.org/officeDocument/2006/relationships/externalLink	http://schemas.openxmlformats.org/officeDocument/2006/relationships/customXml
http://schemas.openxmlformats.org/officeDocument/2006/relationships/customXmlProps	http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments
http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties	http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties
http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties	http://schemas.openxmlformats.org/officeDocument/2006/relationships/sharedStrings
http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles	http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme
http://schemas.openxmlformats.org/officeDocument/2006/relationships/chart	http://schemas.microsoft.com/office/2014/relationships/chartEx
http://schemas.openxmlformats.org/officeDocument/2006/relationships/chartsheet	http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet
http://purl.oclc.org/ooxml/officeDocument/relationships/worksheet	http://schemas.openxmlformats.org/officeDocument/2006/relationships/dialogsheet
http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet	http://schemas.openxmlformats.org/officeDocument/2006/relationships/image
http://schemas.openxmlformats.org/officeDocument/2006/relationships/drawing	http://schemas.openxmlformats.org/officeDocument/2006/relationships/sheetMetadata
http://schemas.microsoft.com/office/2017/10/relationships/threadedComment	http://schemas.microsoft.com/office/2017/10/relationships/person
http://schemas.microsoft.com/office/2006/relationships/vbaProject	http://docs.oasis-open.org/ns/office/1.2/meta/
http://schemas.openxmlformats.org/drawingml/2006/main	http://schemas.microsoft.com/office/spreadsheetml/2017/richdata
http://schemas.microsoft.com/office/spreadsheetml/2017/dynamicarray	http://openoffice.org/2004/office
http://openoffice.org/2004/writer	http://openoffice.org/2004/calc
http://www.w3.org/2001/xml-events	http://www.w3.org/2002/xforms
http://openoffice.org/2005/report	http://www.w3.org/2003/g/data-view#
http://openoffice.org/2009/table	http://openoffice.org/2010/draw
http://www.w3.org/TR/css3-text/	http://www.w3.org/1999/02/22-rdf-syntax-ns#

Page 1 of 2

Raw Manifest

{
  "name": "Premium Sender",
  "icons": {
    "16": "images/16x16.png",
    "48": "images/48x48.png",
    "128": "images/128x128.png"
  },
  "action": {
    "default_icon": {
      "16": "images/16x16.png",
      "48": "images/48x48.png",
      "128": "images/128x128.png"
    },
    "default_popup": "popup.html",
    "default_title": "Premium Sender"
  },
  "version": "1.0.81",
  "background": {
    "service_worker": "background.min.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Send Customized messages, Image, Video and documents. Download group and label contacts. Send message without saving contacts.",
  "permissions": [
    "tabs",
    "storage",
    "scripting",
    "activeTab",
    "unlimitedStorage"
  ],
  "content_scripts": [
    {
      "js": [
        "content.min.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://web.whatsapp.com/*"
      ]
    },
    {
      "js": [
        "page.min.js",
        "lib.min.js"
      ],
      "world": "MAIN",
      "run_at": "document_start",
      "matches": [
        "https://web.whatsapp.com/*"
      ]
    }
  ],
  "host_permissions": [
    "https://web.whatsapp.com/*",
    "https://premiumsender.app/*",
    "http://ip-api.com/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "matches": [
      "https://web.whatsapp.com/*"
    ]
  },
  "content_security_policy": {
    "connect-src": "https://premiumsender.app/"
  }
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (102 total):

Raw Manifest

Detections

Manifest Findings