In a current case, it's about the chrome extensions Nano Adblocker and Nano Defender. Their developer Hugo Xu had declared a little over two weeks ago that he could no longer guarantee further development. For time reasons, he decided to sell the two software projects, which are distributed via the Chrome Web Store, to another developer, as the US magazine Ars Technica reports.
Now the developers of uBlock Origin, on which the nano extensions are based, raised the alarm. Because the new people behind the Chrome extension released an update that must simply be classified as malware. Because the extension acts only superficially as an advertising blocker and starts its own activities on social media platforms in the background.
Activities in the background
Among other things, after installing the latest update, the Chrome extension starts to link postings to certain Instagram accounts. It also accesses social media offerings that are open in the browser. Why exactly this happens is not yet clear. However, it can be assumed that session tokens are to be tapped here, with which the new owners of the extension can then hijack other accounts.
The malicious routines try to avoid detection of their driving. For example, the software detects whether the user has opened the browser's developer console and could see the extension's activities. If this is the case, the malicious routines do not become active and instead a report file is sent to the server https://def.dev-nano.com/.