Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is this the same extension that Chrome just flagged as malware? #82

Open
DJAetius opened this issue Nov 24, 2023 · 13 comments
Open

Is this the same extension that Chrome just flagged as malware? #82

DJAetius opened this issue Nov 24, 2023 · 13 comments
Assignees

Comments

@DJAetius
Copy link

Been using a great Bookmarks Menu extension but all of the sudden Chrome decided to disable it because it's "malware". I call bullshit, naturally.

Is this the same one?

@dubiousjim
Copy link

I think it probably is, but the evidence is mixed. The id of the Chrome extension you're talking about is "ffmdedmghpoipeldijkdlcckdpempkdi".

If you look at issue #27, it discusses linking that extension on the ChromeWebStore to this repo. The owner of this repo didn't post in the issue, but assigned it to themselves. Date on that was 2021.

If you look at this site, it shows the manifest.json file for that extension (the extension no longer shows up on ChromeWebStore), and the "version" key is "2023.07.25." That is later than any tag or indeed any commit on this repo. So that's some evidence suggesting that this repo is not the source of that extension, at least not the latest released version of it. The manifest.json file there is also substantially longer than the one in this repo.

@dubiousjim
Copy link

Issue #4 and issue #20 also reference the id of the flagged Chrome extension.

@dubiousjim
Copy link

This repo and this one seem to have snapshots of lots of manifest.json files from Chrome extensions, and they attest that formerly the extension id that is now flagged did have a manifest.json file that looked like the one in this repo.

@DJAetius
Copy link
Author

This repo and this one seem to have snapshots of lots of manifest.json files from Chrome extensions, and they attest that formerly the extension id that is now flagged did have a manifest.json file that looked like the one in this repo.

So, what's the status of this then? And why did it get flagged as malware? I've been using it for many years with zero issues. I've also saved the extension folder & files and I'm planning to reinstall it as a user-developed extension.

@oraz
Copy link
Owner

oraz commented Nov 25, 2023

initially it was the same extension, but I transferred the extension on Chrome Web Store to another person.
It looks like that the new owner has added something suspicious and published it and now the extension is blocked in store.

But the code here belongs to me and it contains the pure bookmarksMenu extension. Current version: 2023.5.20
You can build & intsall the extension: you need nodejs for that:

npm i
npm test

After that:

  • open chrome://extensions/
  • switch on dev mode
  • load extension from directory
  • enjoy!

@oraz oraz self-assigned this Nov 25, 2023
@DJAetius
Copy link
Author

DJAetius commented Nov 25, 2023

initially it was the same extension, but I transferred the extension on Chrome Web Store to another person. It looks like that the new owner has added something suspicious and published it and now the extension is blocked in store.

But the code here belongs to me and it contains the pure bookmarksMenu extension. Current version: 2023.5.20 You can build & intsall the extension: you need nodejs for that:

npm i
npm test

After that:

  • open chrome://extensions/
  • switch on dev mode
  • load extension from directory
  • enjoy!

Thank you for responding so fast. I'm glad I decided to ask first before doing something stupid like reinstalling malware.

But unfortunately I'm completely clueless when it comes to this kind of thing. I've installed nodejs but that's as far as my cluelessness can take me. It just opens up a command prompt window, and I don't have a clue what to do next.

Complete noob...but fast-enough learner.

So I go to Code, download Bookmarks menu master zip...and then what?

Btw a lot of people were using this, and I see them (as well as myself) completely shitting on other Bookmark extensions because they're nowhere near as good as this. Wouldn't it be better for everyone if you reuploaded a clean version in the Chrome store?

@oraz
Copy link
Owner

oraz commented Nov 25, 2023

Thank you for responding so fast. I'm glad I decided to ask first before doing something stupid like reinstalling malware.

But unfortunately I'm completely clueless when it comes to this kind of thing. I've installed nodejs but that's as far as my cluelessness can take me. It just opens up a command prompt window, and I don't have a clue what to do next.

Ok, no problem
Installation instruction:

  • Install NodeJS
  • Download source code of the extension: https://github.com/oraz/bookmarksMenu/archive/refs/heads/master.zip
    The downloaded file will be called bookmarksMenu-master.zip
  • unzip the archive. You'll get folder bookmarksMenu-master
  • start any command line tool and go into bookmarksMenu-master folder
  • in command line type: npm i
    It will download all necessary npm-modules (libs). It can take a couple of minutes depending on Internet connection speed
  • in command line type: npm test
    Now extension is ready for use
  • Open Chrome and go to chrome://extensions
  • Turn on "Developer mode" (top right corner)
  • Click Button "Load unpacked" and specify folder with the extension.
  • Now you can use the extension again :)
  • You can delete downloaded zip-archive, but don't delete the folder

Btw a lot of people were using this, and I see them (as well as myself) completely shitting on other Bookmark extensions because they're nowhere near as good as this. Wouldn't it be better for everyone if you reuploaded a clean version in the Chrome store?

hmm, why not? I have to prepare everything at first. I think it will take a few weeks, because Google checks new extensions very slowly.

@DJAetius
Copy link
Author

thank you so much, I'll give that a go rn & let you know how it went.

Speaking of the malware thing though, I did notice something bizarre going on a few days before it happened. i would start to get random bookmarks popping up in a new tab or duplicates of the one I had just opened, and I did wonder if I got ninja-infected by something small that Malwarebytes wasn't detecting.

hasnt happened since chrome shut it down.

@DJAetius
Copy link
Author

D:\DOWNLOADS\bookmarksMenu-master\bookmarksMenu-master>npm i
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

added 882 packages, and audited 883 packages in 2m

113 packages are looking for funding
run npm fund for details

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.
npm notice
npm notice New patch version of npm available! 10.2.3 -> 10.2.4
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.2.4
npm notice Run npm install -g npm@10.2.4 to update!
npm notice

D:\DOWNLOADS\bookmarksMenu-master\bookmarksMenu-master>npm install -g npm@10.2.4

added 1 package in 12s

28 packages are looking for funding
run npm fund for details

D:\DOWNLOADS\bookmarksMenu-master\bookmarksMenu-master>npm test

bookmarksmenu@2023.05.20 pretest
npm run tsc && npm run css

bookmarksmenu@2023.05.20 pretsc
npm run lint

bookmarksmenu@2023.05.20 lint
echo ESLint... && eslint --cache app --ext .js,.ts

ESLint...

bookmarksmenu@2023.05.20 tsc
echo Typescript... && tsc

Typescript...

bookmarksmenu@2023.05.20 css
echo SCSS... && sass --update --style=compressed app:app

SCSS...
[2023-11-25 23:45] Compiled app\options\options.scss to app\options\options.css.
[2023-11-25 23:45] Compiled app\popup\popup.scss to app\popup\popup.css.

bookmarksmenu@2023.05.20 test
echo Jest... && jest

Jest...
(node:10668) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
PASS app/options/options_ts.spec.ts
(node:3324) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
PASS app/test-utils/expect-jquery.spec.ts
(node:2828) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
PASS app/common/settings.spec.ts
(node:5192) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
PASS app/common/common.spec.ts
(node:1640) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
PASS app/popup/popup.spec.ts

Test Suites: 5 passed, 5 total
Tests: 180 passed, 180 total
Snapshots: 0 total
Time: 4.813 s
Ran all test suites.

@DJAetius
Copy link
Author

DJAetius commented Nov 25, 2023

But, working all fine! Oh I've missed this beauty. Now, I will definitely be donating. Gimme a minute.

Like Linkin Park's Chester Bennington used to sing "cuz you don't know what you've got...until it's gone". Never took Bookmarks Menu for granted, but I didn't stop to say thank you the first time.

@oraz
Copy link
Owner

oraz commented Nov 25, 2023

But, working all fine! Oh I've missed this beauty. Now, I will definitely be donating. Gimme a minute.

Like Linkin Park's Chester Bennington used to sing "cuz you don't know what you've got...until it's gone". Never took Bookmarks Menu for granted, but I didn't stop to say thank you the first time.

Thank you very much!
Nice that it's working again!

@GitTom
Copy link

GitTom commented Nov 26, 2023

Yeah, apparently this problem (the extension turning into malware) is very common when you sell an extension listing. I wonder what sort of malware they put in it.

Who did you sell it to?

@saintphaenixos
Copy link

Can't wait to have this back @oraz You changed how I used Chrome forever.

Glad to see you are still around!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants