Ask HN: Help with suspected malware extension with 10M users
In last two days, my friend had her CC stolen and Instagram taken over which she accessed from her Mac. Although a rootkit is possible, her browser had three extensions: ublock origin, Google Drive, and "WebChatGPT" [1].
Looking into WebChatGPT:
- It has full access to all sites
- Extension was recently sold by owner [2]
- Latest release [3] doesn't match any new commits in the open-source repo [4].
- The last change in the repo removes sponsor link for buy me a coffee
- Someone opened an issue on the repo calling out spyware [5]
What is the best course of action here? Where can we report this? I am going to try to download the extension and follow where the data is sent.
* 1 https://tools.zmo.ai/webchatgpt
* 2 https://www.buymeacoffee.com/anzorq
* 3 https://addons.mozilla.org/en-US/firefox/addon/web-chatgpt/versions/
* 4 https://github.com/interstellard/chatgpt-advanced
* 5 https://github.com/interstellard/chatgpt-advanced/issues/203
9 comments
[ 2.7 ms ] story [ 30.4 ms ] threadMore of a meta comment: this is pretty much why I don't install any extensions in my browser except an ad blocker.
You can use this as an opportunity to teach your friend about security so it doesn't happen again.
- No binary or closed source releases, Google/Mozilla compile from a public source.
- More zealous restrictions (which admitedly Google is already heading towards)
- Big fat warnings when accessing cookies or secure fields like passwords or CC. If this makes password managers look scary, good, they should look scary.
I suspect it wouldn't be that much trouble to include obfuscated spyware into the sources though. It may make it easier to catch, but it wouldn't prevent mass users from upgrading before it's stopped.
But it would still be a minor deterrent, it would disrupt the common mechanism (buy a popular app, close source it) these acquirers operate with, and it would leave some proof of malice behind.
* - https://news.ycombinator.com/item?id=36602193
There is a huge button "Report this add-on for abuse" on every single extension page on addons.mozilla.org.