The One Time Pad: Feb 15th, 2020 - Bonus weekend edition

A truck load of malicious Chrome extensions were kicked off the Play Store.

Google removes 500+ malicious Chrome extensions from the Web Store

Sounds like all these extensions injected malicious ads, many of which merely redirected to affiliate links. I am pretty damn sure Darelene did that for free food in some episode of Mr. Robot, so maybe these bad guys got their idea from her.

Ironically, almost no users reported any concern. I think that shows how numb we are to advertisements in our apps. 500+ apps ia a lot of apps - this was a big operation that probably made some people a lot of money.

Leveraging CRXcavator, a service for analyzing Chrome extensions, Kaya discovered an initial cluster of extensions that run on top of a nearly identical codebase, but used various generic names, with little information about their true purpose.

"Individually, I identified more than a dozen extensions that shared a pattern," Kaya told us. "Upon contacting Duo, we were able to quickly fingerprint them using CRXcavator's database and discover the entire network."

Read more.