Wladimir Palant@WPalant@infosec.exchange
After I published my article on malicious Chrome extensions running remote code I actually got a sample of malicious code for the Download Manager Integration Checklist extension. While somebody went though significant effort to obfuscate it, I managed to analyze all of its functionality: https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
This extension turned out to be specializing in ad fraud. Better understanding of its code allowed me to find eight other extensions with very similar malicious functionality and one more that doesnβt appear malicious at the point but still related. Fun fact: the ad company in question appears to be scammed by one of their employees.