The popular Chrome extension is a malware

12 Oct, 2017Chrome

2018-02-08: This extension seems to have been removed by Chrome

Recently, I found that opening many websites (including HTTPS) will first jump to a third-party website and then jump back. Because they are all HTTPS websites and they are not in the country, carrier hijacking can basically be ruled out. I checked the recently installed Chrome extension and finally determined that this QR Code Generator-1 click to Create QR Code was caused:

Chrome store link:

The specific performance is in some websites with advertising alliances such as shopping, airlines or registered domain names (the ones I have tested so far are,,,,, etc. will be hijacked) . When you first visit or jump to a link, you will jump to a statistics or ad network address, and then jump back, and then there will be more promotion information in the link of the shopping website.

The address of the ad network includes,,,,, etc. (and more). In addition, this plug-in also has an anti-recurrence mechanism. If you have been visiting a certain website for a short period of time, you will not be hijacked 2333...

This extension is currently 4 stars and has more than 60,000 installations. I checked the comment record of this extension in the Chrome store, and someone else mentioned it as malware. When I first checked, I blamed another extension, but after I deleted the plug-in, it was hijacked, so I checked the rest and finally determined that this is the real culprit, because only this one extension is allowed. Malicious jumps still occur when running in stealth mode

You can test it yourself, and if you find any problems, you can go to the Google Chrome store to leave a negative review and report it

Powered by Gatsby. Theme inspired by end2end.

© 2014-2021. Made withby mdluo.