Announcement Fake and sold / hijacked browser plugins.

We've noticed a influx in bad / hijack plugins for browsers that steal items from people installing those.

Reddit:
https://www.reddit.com/r/netsec/comments/4d871z/popular_browser_extension_better_history_sold_to/

An example report regarding this:
http://forums.steamrep.com/threads/...counter-strike-global-offensive-items.134773/

Information there will be by no means complete. When (better not, but if... ) you install a plugin, please make sure you:

• Verify if the site it belongs to is legit / the real site. There are more then enough fake sites out there.
  
• Verify the origins by tracing its owner/maker and if its really belonging to some site. A site will publicly SHOW their plugin on a page there, with their own link. USE THEIR LINK, not any link of anybody else.
• If no site is linked to it, what is the purpose of the browser plugin?

Remember:
"History" check of a item is NEVER on the computer of the seller. They have to perform that themselves.

If you don't know: don't install / click anything. A browser plugin can do anything you have access to via that browser. If you did install such, I'd advice to do a cleanup of your browser:

• Mozilla Firefox Refresh: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
• Google Chrome Cleanup tool: https://www.google.com/chrome/cleanup-tool/
• Opera: http://ccm.net/faq/10081-reset-opera-to-default-settings
  
• Microsoft Internet Explorer: https://support.microsoft.com/en-us/kb/923737
• Microsoft Edge: http://www.howtogeek.com/237527/how-to-reset-microsoft-edge-in-windows-10/

Note: Be advised that some of the above procedures will probably stop functionality you installed, or remove your cookies from sites, saved passwords, the bookmarks etc. etc. Read what is linked and proceed with caution. The above is to ensure no malicious plugins are installed anymore. If you want to do it "safely" then google will find your solution. This is by no means a comprehensive guide.

And then go to every site and give each site a new, DIFFERENT password (and yes, I mean that with each a different password then the others, start noting your passwords), start with your E-Mail, progress then to your financial and personal stuff (Facebook, twitter, LinkedIn, etc), steam, and other sites you regularly use etc.

If you have been victim to these practices, please make tickets to the appropriate sites to solve your issues with them.

Please don't install anything anybody links you. Treat anything anybody links you as hostile. Especially if / when its to "aid" in something you are doing with them in some form.

same situation as the old TamperMonkey scripts, and basically any link someone sends to you, trust no one

Yeap. But somehow people don't always "register" such distrust in "installing" plugins in their browsers... that plugin is basically a program that has all access to your browser and can do anything.

On Google, anybody can put any name they like, and copy names of the real person with fake plugins that have the same name, just a different "id" number etc. Hence you need to get plugins reference from the site itself, not someone random. And that is IF the site is trustworthy...

I guess when people come across extensions and plugins and such, they don't think of them as "real" programs like a desktop program or such. I think there really should be an effort on the internet to change this point of view.

Also google, WTF? You can pay google $5 and get literally anything published to the Chrome Web Store.