DeceptiveBrowserExtensions ID's

[user17286439]

https://github.com/DomainTools/SecuritySnacks/blob/main/2025/DeceptiveBrowserExtensions-AISlop

why not add a list of malicious extension identifiers?

[m-terlinde]

That would help us as well!
The IDs could be directly blocked for the browsers.

I'd love to see them as an update :).

[user17286439]

@icampbelldt

[icampbelldt]

@user17286439 @m-terlinde That's a great point. Let me look into it and get back to you.

[icampbelldt]

Just to update, working on possible solutions here (extension identifier extraction is proving slightly complex). Still plugging away!

[icampbelldt]

@user17286439 @m-terlinde As we were noodling on it, LayerX built off our research and beat us to it! You can find 40 extension IDs at their link: https://layerxsecurity.com/blog/layerx-reveals-40malicious-browser-extensions/

Really good work on their part!

[m-terlinde]

Thanks a lot for the update, I'll check them out.
Maybe you also want to link them in the file for future reference?

Would be nice for the next time, since it's easier to hunt by extension ID, depending on the telemetry.

I propose closing this issue.