1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

Announcement Fake and sold / hijacked browser plugins.

Discussion in 'SteamRep General Discussion' started by SilentReaper(SR), Jul 4, 2016.

  1. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    We've noticed a influx in bad / hijack plugins for browsers that steal items from people installing those.

    Reddit:
    https://www.reddit.com/r/netsec/comments/4d871z/popular_browser_extension_better_history_sold_to/

    An example report regarding this:
    http://forums.steamrep.com/threads/...counter-strike-global-offensive-items.134773/

    Information there will be by no means complete. When (better not, but if... ) you install a plugin, please make sure you:
    • Verify if the site it belongs to is legit / the real site. There are more then enough fake sites out there.
    • Verify the origins by tracing its owner/maker and if its really belonging to some site. A site will publicly SHOW their plugin on a page there, with their own link. USE THEIR LINK, not any link of anybody else.
    • If no site is linked to it, what is the purpose of the browser plugin?
    Remember:
    "History" check of a item is NEVER on the computer of the seller. They have to perform that themselves.

    If you don't know: don't install / click anything. A browser plugin can do anything you have access to via that browser. If you did install such, I'd advice to do a cleanup of your browser:
    Note: Be advised that some of the above procedures will probably stop functionality you installed, or remove your cookies from sites, saved passwords, the bookmarks etc. etc. Read what is linked and proceed with caution. The above is to ensure no malicious plugins are installed anymore. If you want to do it "safely" then google will find your solution. This is by no means a comprehensive guide.

    And then go to every site and give each site a new, DIFFERENT password (and yes, I mean that with each a different password then the others, start noting your passwords), start with your E-Mail, progress then to your financial and personal stuff (Facebook, twitter, LinkedIn, etc), steam, and other sites you regularly use etc.

    If you have been victim to these practices, please make tickets to the appropriate sites to solve your issues with them.

    Please don't install anything anybody links you. Treat anything anybody links you as hostile. Especially if / when its to "aid" in something you are doing with them in some form.
    Ch4e, schmed, Katpolice and 3 others like this.
  2. Nebras

    Nebras New User

    Messages:
    250
    Steam:
    STEAM_0:0:92811415
    same situation as the old TamperMonkey scripts, and basically any link someone sends to you, trust no one
  3. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Yeap. But somehow people don't always "register" such distrust in "installing" plugins in their browsers... that plugin is basically a program that has all access to your browser and can do anything.

    On Google, anybody can put any name they like, and copy names of the real person with fake plugins that have the same name, just a different "id" number etc. Hence you need to get plugins reference from the site itself, not someone random. And that is IF the site is trustworthy...
    Roudydogg1 and Nebras like this.
  4. UberActivist

    UberActivist New User

    Messages:
    2
    Steam:
    STEAM_0:1:51819663
    I guess when people come across extensions and plugins and such, they don't think of them as "real" programs like a desktop program or such. I think there really should be an effort on the internet to change this point of view.

    Also google, WTF? You can pay google $5 and get literally anything published to the Chrome Web Store.