Fake ‘Internet Download Manager’ Chrome extension has 200,000 installs

The Google Chrome extension ‘Internet Download Manager’ installed by more than 200,000 users is adware.

The extension has been available on the Chrome Web Store since at least June 2019, according to early user reviews.

Although the extension may install a known and legitimate download manager program, BleepingComputer has observed some unwanted behavior exhibited by the extension, such as opening links to spammy sites, changing the browser’s default search engine and pestering users with pop-ups asking them to download more “patches” and unwanted programs.

Dodgy Chrome extension installed by over 200,000 users

A concerned BleepingComputer reader contacted us when he saw a Chrome add-on “running malicious sites pretending to be famous software”.

And their concern seems valid. The ‘Internet Download Manager’ browser extension installed by more than 200,000 users so far doesn’t look so innocent.

Chrome Internet Download Manager extension live on Chrome Web Store (BleepingComputer)

There is a legitimate Windows program called Internet Download Manager, released by the software company Tonec.

Tonec offers Internet Download Manager extensions for Firefox and Chrome. But the genuine Chrome extension provided by the company is called “IDM Integration Module”.

Additionally, Tonec’s FAQ specifically warns: “Please note that all IDM extensions that can be found in Google Store are bogus and should not be used.”

In contrast, the counterfeit “Internet Download Manager” Chrome extension appears to be run by a website called “Puupnewsapp”, which claims the extension will “increase your download speed by up to 500%”, making it a “great software” to download games, movies, music, and “large files in minutes”. It looks promising.

The instructions provided by the knock-off extension are even more confusing: why do you have to download and install several programs after installing the extension?

Extension installation steps prompt users to install more programs (BleepingComputer)

Specifically, when installing “Internet Download Manager”, users are now prompted to install an executable from the puupnewsapp website, and additionally download a “Windows patch” ZIP file:

hxxps://www.puupnewsapp[.]com/idman638build25.exe
hxxps://www.puupnewsapp[.]com/windows.zip

The ‘idman638build25.exe’ executable appears to be a valid, signed version of the legitimate Tonec Internet Download Manager.

The ‘windows.zip’ archive analyzed by BleepingComputer contains both 32-bit and 64-bit versions of NodeJS and runs JavaScript code to adjust Chrome and Firefox registry settings.

NodeJS file performing registry changes for Firefox and Chrome (BleepingComputer)

Changes search engine, promotes spam

What also struck us was that installing the extension in a test environment changed the browser’s default search engine to smartwebfinder[.]com.

Frequent pop-ups prompting the user to install more add-ons, such as ones for Firefox, were also observed, as was the extension launching third-party sites in the browser.

Default search engine modified by extension (BleepingComputer)

Fortunately, reviewers, some as early as 2019, seem to have spotted the questionable behavior, although many (probably inauthentic) reviewers claim to have no issues with the extension.

Several reviews report the extension as “spam” (BleepingComputer)

BleepingComputer readers have previously reported issues with similar malicious extensions they found on the Chrome Web Store.

The details of the counterfeit extension are as follows:

Extension ID: lcdlanlaneooailnebnhamiiieebikid

.crx hash (SHA-256): b4b47730b62592c21368c2546e578342fff8383693e89211155c2d61d88058ba

Chrome Web Store URL: hxxps://chrome.google[.]com/webstore/detail/internet-download-manager/lcdlanlaneooailnebnhamiiieebikid?hl=fr
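One way to check a machine for these indicators, added here as an example and not taken from BleepingComputer's reporting: the script looks for the extension ID in every profile of a Chrome user-data directory and compares a saved .crx file against the published hash. It assumes Chrome's on-disk layout of `<user data dir>/<profile>/Extensions/<id>/<version>/manifest.json`; the function names are hypothetical.

```python
import hashlib
import json
import re
from pathlib import Path

# Indicators copied from the article above.
BAD_EXTENSION_ID = "lcdlanlaneooailnebnhamiiieebikid"
BAD_CRX_SHA256 = "b4b47730b62592c21368c2546e578342fff8383693e89211155c2d61d88058ba"
EXT_ID_RE = re.compile(r"[a-p]{32}")  # Chrome extension IDs use only the letters a-p


def find_extension(user_data_dir, ext_id=BAD_EXTENSION_ID):
    """Return one record per profile and version in which ext_id is installed."""
    if not EXT_ID_RE.fullmatch(ext_id):
        raise ValueError(f"not a Chrome extension ID: {ext_id!r}")
    hits = []
    # Assumed layout: <user data dir>/<profile>/Extensions/<id>/<version>/manifest.json
    pattern = f"*/Extensions/{ext_id}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            name = data.get("name", "") if isinstance(data, dict) else ""
        except (OSError, ValueError):
            name = "<unreadable manifest>"
        hits.append({"profile": manifest.parents[3].name,
                     "version": manifest.parent.name,
                     "name": name})
    return hits


def crx_matches(path, expected=BAD_CRX_SHA256):
    """True if the file's SHA-256 equals the hash published for the counterfeit .crx."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected.lower()


if __name__ == "__main__":
    import sys
    # Usage: python check_ext.py "<path to Chrome 'User Data' directory>"
    for hit in find_extension(sys.argv[1]):
        print("counterfeit extension present:", hit)
```

A hit means the extension is unpacked in that profile; the default search engine and the registry settings mentioned above still need to be reviewed separately.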

BleepingComputer contacted Tonec for comment, and we also notified Google of the malicious extension prior to publication.

A quick search on the Chrome Web Store for “IDM”, “IDM integration add-ons”, or “Download Manager” will yield results containing extensions with hundreds of thousands of user installs and favorable reviews that may look promising.

Although not all of these extensions are harmful, users should be careful while installing new Chrome extensions and check if they are official versions released by trusted software vendors.

