A recent investigation into malicious browser extensions
Last week, McAfee Labs’ Threat Research Team published a blog post about malicious browser extensions. It’s worth a read, as the investigation and its results are quite important. McAfee discovered that five extensions were inserting code into eCommerce websites, so that the extension authors could receive affiliate payments from their unknowing users.
Google Chrome acted swiftly and removed the storefronts of the offending extensions. But users who already have the extensions downloaded need to take the extra step to delete them.
Unfortunately, GoFullPage was mistaken by some users as one of the extensions in question, so we’re here to clear the air.
Copycats and bad actors
GoFullPage is a popular and widely trusted extension; we have over 6 million users and over 60,000 5-star reviews. Due to our brand recognition, there are extensions that copy elements of our UI, the language we use, and our original name (“Full Page Screen Capture“). These copycat extensions don’t always have the best of intentions.
In the McAfee blog post, the authors even mention that one of the malicious extensions:
borrows several phrases from another popular extension called GoFullPage
McAfee Labs
Borrowing our language and mirroring our title seems to have been a way to dupe some users into thinking they were using our extension.
We are constantly monitoring for copycats, and report offenders as soon as we’re aware of them. So far, the Edge and Chrome browsers have taken down every offender we’ve reported. Yet, extension users should also take extra care to make sure you are using a trusted extension.
GoFullPage or copycat?
Check name and ID
When comparing browser extensions, make sure to always compare the extension IDs, rather than the names. Here is a comparison of GoFullPage and the malicious actors’ Chrome Web Store names and extension IDs:
| GoFullPage | Bad Actor Extension identified by McAfee | |
| Storefront Name | “GoFullPage – Full Page Screen Capture” | “Full Page Screenshot Capture – Screenshotting” |
| Extension ID | fdpohaocaechififmbbbbbknoalclacl | pojgkmkfincpdkdgjepkmdekcahmckjp |
Look at install count and reviews
You can also take a look at user counts, as extensions that have over one million users are less common and have stood the test of time and user scrutiny. For example, we have over 6 million users, while the bad-actor extension had 200 thousand users when they were identified and taken down.
Research the extension creator
Also, make sure to look into who is creating the extension and how long the extension has been in existence. In our case, we were originally published on the Chrome Web Store in November of 2012 (a very special anniversary is approaching for us!) and our founder published a blog post about the product in December of 2012. This information is readily available on our FAQ.
A transparent and sustainable business
We’ve discussed internally our values and intentions with GoFullPage, and feel very strongly that:
- We want to continue developing and improving GoFullPage as an indispensable tool for capturing the web exactly as it looks on a screen. We’re in it for the long haul!
- We take privacy very seriously, and will not use or abuse user data or unnecessary permissions as a source of revenue. GoFullPage only requests permissions when they are absolutely necessary for capture or download.
- We want our revenue sources to be transparent and sustainable—by creating products that are useful. We want our revenue to come from people who want and need our tools, and want to pay for them.
To this end, we launched a premium tool in October of 2019. We see our premium offering as an ethical way to support the extension, and as a way to remain independent without using spyware or scams.
We are very grateful to be trusted by so many across the web, and are working everyday to honor and keep our users’ trust. And we are grateful to security researchers like McAfee for independently identifying malicious actors 💪
GoFullPage Blog 