
Never Use These 100 Websites With Google Chrome
You have been warned — check Chrome now.
There is a serious new warning for Google Chrome users this week, with the release of a list of websites you must never use. There's a twist, though: these websites hide behind major brands and trick you into installing dangerous malware. The tell is simple, so while the list of websites is linked below, there's an easier way to stay safe.
With Chrome users already facing a critical update warning, DomainTools found more than 100 websites [listed here on GitHub] 'masquerading as legitimate services, productivity tools, ad and media creation or analysis assistants, VPNs, Crypto, banking and more.' Each website includes a Get Chrome Extension or Add to Chrome button.
DomainTools warns that while the extensions correspond to ones on Google's Chrome Web Store (CWS), these 'typically have a dual functionality, in which they generally appear to function as intended, but also connect to malicious servers to send user data, receive commands, and execute arbitrary code.'
DomainTools has examples of fake DeepSeek, YouTube, Flight Radar, Calendly and VPN websites and extensions as lures. Extensions partially work, but are 'configured with excessive permissions to interact with every site the browser visits and retrieve and execute arbitrary code from a network of other actor controlled domains.'
Image: Dangerous extensions (DomainTools)
Unsurprisingly, the hosting infrastructure is common across the campaign. While mimicking DeepSeek and YouTube is simple brand hijacking, using fake VPN extensions as a means to attack Chrome users is beyond ironic. These VPN extensions 'connect to a malicious backend client [to] listen for commands.' When instructed, the extension 'uses chrome.cookies.getAll({}) to retrieve all browser cookies.' It can even inject scripts into open Chrome tabs to run its own malicious code.
Image: Website lure and malicious extension (DomainTools)
DomainTools says these attacks have been more than a year in the making. 'This malicious actor has deployed over 100 fake websites and malicious Chrome extensions with dual functionalities. Analysis revealed these extensions can execute arbitrary code from attacker-controlled servers on all visited websites, enabling credential theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Some extensions were also observed attempting to steal all browser cookies, which may lead to account compromises.'
While the Chrome Web Store 'has removed multiple of the actor's malicious extensions after malware identification,' DomainTools warns 'the time lag in detection and removal pose a threat to users seeking productivity tools and browser enhancements.'
To stay safe, check carefully before installing extensions. While that means using official stores, it also means checking names and reviews carefully and ensuring developers behind those extensions have been verified. Such add-on software is a well-proven vulnerability with Chrome, and 'vigilance is key to avoiding these threats.'
Most of the API domains identified by DomainTools as being part of this attack have a .TOP top level domain. Yet another warning to see .TOP as high risk at all times.
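The excessive permissions and cookie access described above are visible in an extension's manifest.json before it ever runs. The following is an added example, not code from DomainTools or the original article: it flags manifests that combine all-sites host access with the cookies or scripting APIs, and the function name, finding labels and sample manifests are constructed for illustration.

```javascript
// Added example: triage a Chrome extension manifest for the permission traits reported above.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = ["cookies", "scripting", "webRequest", "debugger"];

function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 mixes host patterns into "permissions"; V3 moves them to "host_permissions".
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);

  const hostAll = declared.some((p) => ALL_SITES.has(p));
  const scriptAll = scriptMatches.some((p) => ALL_SITES.has(p));
  if (hostAll) findings.push("host-access:all-sites");
  if (scriptAll) findings.push("content-script:all-sites");

  const apis = SENSITIVE_APIS.filter((api) => declared.includes(api));
  for (const api of apis) findings.push(`api:${api}`);

  // "cookies" plus every host: chrome.cookies.getAll({}) can return every cookie in the profile.
  if (hostAll && apis.includes("cookies")) findings.push("can-read-all-cookies");
  // V3 needs "scripting" to inject programmatically; V2 tabs.executeScript needs only host access.
  const canInject = hostAll && (manifest.manifest_version === 2 || apis.includes("scripting"));
  if (canInject) findings.push("can-inject-into-any-tab");
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_LURE = {
  manifest_version: 3,
  name: "Example VPN (constructed)",
  permissions: ["storage", "cookies", "scripting"],
  host_permissions: ["<all_urls>"],
};
const SAMPLE_SCOPED = {
  manifest_version: 3,
  name: "Example notes helper (constructed)",
  permissions: ["activeTab", "storage"],
  host_permissions: ["https://api.example.com/*"],
};

for (const m of [SAMPLE_LURE, SAMPLE_SCOPED]) {
  console.log(m.name, "->", auditManifest(m).join(", ") || "no broad access flagged");
}
```

These findings are triage signals rather than verdicts: some legitimate extensions request the same access, so weigh them alongside the developer and review checks mentioned above.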