Chrome Extension Installed 200,000 Times Turned Out to Be Adware

Chrome Extension - Adware
Written by Emma Davis

The Internet Download Manager extension, designed for Google Chrome and installed more than 200,000 times, turned out to be adware.

The extension has been hosted in the Chrome Web Store since June 2019. It could open links to spam sites, change the default search engine, and show pop-up windows recommending the download of fake patches and unwanted programs.

Let me remind you that we also talked about Vulnerability in Screencastify for Chrome Allows Spying on Users through Cameras.

Bleeping Computer reported on the problematic extension. The suspicious activity of Internet Download Manager was first noticed by one of its readers, who told reporters that he had found malware that “launches malicious sites while posing as well-known software.”

The fact is that there is a legitimate program for Windows called Internet Download Manager, released by Tonec. Its developers offer Internet Download Manager extensions for Firefox and Chrome browsers, but the actual Chrome extension is called the IDM Integration Module. Moreover, Tonec’s official FAQ section warns: “all IDM extensions that can be found in the Google Store are fake and should not be used.”

The journalists write that the fake Internet Download Manager extension appears to be backed by the operators of a website called Puupnewsapp, which allegedly “increases download speeds by up to 500%”, making it a real “super program” for downloading games, movies, music and “large files” within minutes.

The instructions posted with the fake extension are puzzling because after installing the extension, users are prompted to install the executable from the puupnewsapp website (puupnewsapp[.]com/idman638build25.exe) and additionally download the “Windows fix” ZIP file (puupnewsapp[.]com/windows.zip).

While the idman638build25.exe file is a real and signed version of Tonec’s legitimate Internet Download Manager, the windows.zip archive examined by Bleeping Computer contains both 32-bit and 64-bit versions of NodeJS and executes JavaScript code to configure registry settings related to Chrome and Firefox.

However, installing the extension in a test environment changed the default browser search engine to smartwebfinder[.]com. The researchers also observed the frequent occurrence of pop-ups in which the user was urged to install more add-ons, which led to the launch of third-party sites in the browser.
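The two signals described above (the impersonated product name and the changed default search engine) can be checked when reviewing installed extensions. The following is an added example, not code from Bleeping Computer or Tonec: it audits parsed `manifest.json` contents and assumes the search change is declared through Chrome's `chrome_settings_overrides` manifest key, which the article does not confirm for this extension. The function names, finding labels and sample manifests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Name and host as reported in the article (host un-defanged for matching).
FAKE_NAME = "internet download manager"
WATCHED_SEARCH_HOSTS = {"smartwebfinder.com"}


def host_of(url: str) -> str:
    """Lower-cased hostname of a search template URL ('' if none)."""
    return (urlsplit(url).hostname or "").lower()


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed extension manifest.

    Assumes a literal "name"; names given as __MSG_...__ placeholders
    must first be resolved from the extension's _locales directory.
    """
    findings = []
    name = str(manifest.get("name", "")).strip().lower()
    if FAKE_NAME in name:
        # Per Tonec, its real Chrome extension is "IDM Integration Module".
        findings.append("name-impersonates-idm")
    override = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if override:
        findings.append("overrides-default-search")
        host = host_of(override.get("search_url", ""))
        # Match the watched host itself or any subdomain, not look-alikes.
        if any(host == h or host.endswith("." + h) for h in WATCHED_SEARCH_HOSTS):
            findings.append("search-host-on-watchlist")
    return findings


# Constructed sample manifests, not taken from any real extension.
SAMPLE_MANIFESTS = [
    {"name": "Internet Download Manager", "version": "1.0",
     "chrome_settings_overrides": {"search_provider": {
         "name": "Search", "keyword": "s", "is_default": True,
         "search_url": "https://www.smartwebfinder.com/?q={searchTerms}"}}},
    {"name": "IDM Integration Module", "version": "1.0"},
    {"name": "Notes", "version": "2.1",
     "chrome_settings_overrides": {"search_provider": {
         "search_url": "https://search.example/?q={searchTerms}"}}},
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(m["name"], "->", audit_manifest(m))
```

A name match alone is only a triage signal; the publisher and store listing still need to be confirmed before removal.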

Chrome Web Store users noted the strange behavior of the extension back in 2019, although other users claim that Internet Download Manager works fine for them (however, such reviews may turn out to be fake).

Bleeping Computer journalists write that they have already reported the problem to Tonec and Google specialists, although no response has yet been received from the companies.

About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
