INSUBCONTINENT EXCLUSIVE:
The extensions share other dubious or suspicious similarities
Much of the code in each one is highly obfuscated, a design choice that provides no benefit other than complicating the process for
analyzing and understanding how it behaves.All but one of them are unlisted in the Chrome Web Store
appear in the Web Store or search engine search results
the presence of any suspicious or malicious extensions
One of the key JavaScript files it runs references several questionable domains, where they can upload data and download instructions and
code:
URLs that Fire Shield Extension Protection references in its code.
Credit:
extensions did on this site but was largely thwarted by the obfuscated code and other steps the developer took to conceal their behavior
When the researcher, for instance, ran the Fire Shield extension on a lab device, it opened a blank webpage
Clicking on the icon of an installed extension usually provides an option menu, but Fire Shield displayed nothing when he did it
Tuckner then fired up a background service worker in the Chrome developer tools to seek clues about what was happening
He soon realized that the extension connected to a URL at fireshieldit.com and performed some action under the generic category
