So the past few days I noticed that there was a slowdown when I’d browse sites and I’d stumble upon a multitude of problems. Yes, that’s right, today I just discovered all this was caused by a suspicious app. All this lasted about 2 weeks.
My experience?
Not much to say about it. But I would notice a very interesting phenomenon every time I’d open Google Maps: it would take so much time to load that when I would go into Street View my entire connection would break entirely and I was unable to visit any site for a few minutes. I started getting suspicious of this because I have a fast internet and I cleared the cache, which didn’t work out at all. Especially after I did the same check on Edge and it was fine.
Realization and conclusion
Like I said, this got me suspicious, so today I randomly found an extension I didn’t remember installing, and it was called “SaveVPN”. I did an overview and it seemed like this extension spread upon all my profiles on Chrome, at which I could see a noticeable slowdown. I made a simple search on Chrome, it didn’t appear anywhere, and as I saw in extensions later, this was installed off the store. I left it on one of my alt profiles to see what type of “VPN” this was; obviously my IP wouldn’t change, and what was it: it was a virus. So I deleted it. The crazy thing, however, is the second I hit remove every tab loaded instantly.
Now Chrome is a secure browser and in most cases there’s no way you can get a dangerous virus as an extension without a warning. However, my case was this: a potentially fake disguised VPN that would purposely ruin my browsing experience until I realized. IP and cookie grabbers are fairly common, however, so you should be careful with them.
I have one called SetupVPN - Lifetime Free VPN… My bank account got hacked into recently and all my shit was stolen…
Thank you for the post. Hope more people become aware of this type of virus (a first for me). I also share your experience. Today after a week or so I said fuck it and decided to investigate. It was giving me Russian ads on all my Google searches since they released AI searches, so I believe it is a Russian-based virus. I also checked my other profiles and it was installed on every single one… everything seems good now.
Enter about:extensions into your address bar to see current installed extensions. If one is lacking a description and/or you don’t remember installing that bih, uninstall it ASAP.
Chrome has a lot of issues with malware from extensions.
Yes, I’ve got this extension in all my profiles as well, but it installs on every Chrome profile. When I remove it, it sometimes reappears later, suggesting it might be some kind of app on Windows.
Chrome extension ID folder: edkbpkanapinjifakjogefooogoclehg
It has a seed file in this folder and version 10.2.4_0
Here are the files: https://pastebin.com/Uw7gKidw
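The post above gives the extension's ID folder and says it appears in every Chrome profile. As an added example (not code from the thread), this Python sketch walks a Chrome "User Data" directory and lists each profile and version folder that contains that ID; the sample tree and its manifest contents are constructed, and the Windows path mentioned in the comment assumes a standard install.

```python
import json
import sys
from pathlib import Path

# Extension ID folder name reported in the thread above.
REPORTED_ID = "edkbpkanapinjifakjogefooogoclehg"

def find_extension(user_data_dir, ext_id=REPORTED_ID):
    """Return one record per (profile, version folder) where ext_id is present."""
    hits = []
    root = Path(user_data_dir)
    if not root.is_dir():
        return hits
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        ext_dir = profile / "Extensions" / ext_id
        if not ext_dir.is_dir():
            continue
        for ver in sorted(v for v in ext_dir.iterdir() if v.is_dir()):
            name, perms = "<unreadable manifest>", []
            try:
                text = (ver / "manifest.json").read_text(encoding="utf-8-sig")
                manifest = json.loads(text)
                name = manifest.get("name", "<no name>")
                perms = list(manifest.get("permissions", []))
            except (OSError, ValueError, AttributeError, TypeError):
                pass  # still report the folder even if the manifest is broken
            hits.append({"profile": profile.name, "version": ver.name,
                         "name": name, "permissions": perms})
    return hits

def build_sample_tree(root):
    """Constructed layout: two profiles carry the extension, one does not."""
    manifest = {"name": "constructed sample", "version": "10.2.4",
                "permissions": ["proxy", "storage"]}
    for profile in ("Default", "Profile 1"):
        d = Path(root) / profile / "Extensions" / REPORTED_ID / "10.2.4_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (Path(root) / "Profile 2" / "Extensions").mkdir(parents=True)

if __name__ == "__main__":
    # Pass the Chrome "User Data" directory as the first argument; on Windows
    # this is typically %LOCALAPPDATA%\Google\Chrome\User Data (assumption).
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_extension(target):
        print(hit)
```

A hit in every profile matches what several posters describe; a hit that returns after removal is worth recording with its folder timestamps before deleting it again.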
I have both SaveVPN and SetupVPN - Lifetime Free VPN. I had them for half a year; I only discovered this virus today when a strange advertisement appeared in Google search. On the Internet I found out that the problem is with them; they can also steal data. When I deleted them, the ads disappeared.
I used my credit card several times in this browser, but I never logged into my account and that probably saved me.
THANK YOU SO VERY MUCH FOR THIS. I’m not that smart in terms of .js files so I don’t understand the code for this malware. So what does it basically do, is it like a keylogger, trojan, some other form of spyware that’ll steal login details? My girlfriend got it on her PC some time ago and was annoyed by how slow her Chrome was working. Today I checked it out and found this “extension” she doesn’t remember installing, so I got rid of it together with the seed file you mentioned, although it had a different folder name/ID. Does she need to change her bank and social media login credentials?
I highly recommend UPDATING passwords relating to anything that’s sensitive like credit cards, bank information and anything with personal credentials.
I examined the files and fed the main file to ChatGPT.
Here are the summarized ChatGPT report results for the main file of the extension.
The extension connects to miratom.com
It seems to be some form of advertising and analysis script. I’m curious about the purpose of the large blob file it delivers. For those interested, here are the formatted and split files for investigation.
And the big blob file (backup)
That’s what we did, from a different, secure device. But I still wonder what the virus does, and why it lags only Google websites like Maps, Google search or YouTube.
I believe it was definitely injecting something into Chrome in the background, disguising itself as a VPN. If you go to the original post you’ll find my experience with it. I wish I could post screenshots haha