Fake Ubiquiti Device Discovery Tool discovered on the Chrome Web Store

by Ubiquiti Employee ‎01-12-2018 01:17 PM - edited ‎01-12-2018 02:31 PM

Hi all,

 

It has come to our attention that there recently was a fake Chrome Extension listed in the Google Chrome Web Store, pretending to be our Ubiquiti Device Discovery Tool. Not only was it fake, but it is also harmful. At the time of writing, the fake extension has been removed. One thing to keep in mind is that our Chrome App cannot be found by searching the Chrome Web Store due to changes on Google's end. 

 

The fake extension replaced the content of Google search results and makes CORS requests to a malicious domain. There were over 2000 installs of the fake extension before it was removed. So please be mindful of what shows up by search in the Chrome Web Store, especially if you plan to install it. As mentioned before, the official Ubiquiti Device Discovery Tool Chrome App cannot be found by searching the Chrome Web Store.

 

There is a link for the real Chrome App on our official download site. You can find it under Utilities (see HERE).

 

The direct link to our official Chrome App is here: https://chrome.google.com/webstore/detail/ubiquiti-device-discovery/hmpigflbjeapnknladcfphgkemopofig

 

If you aren't sure which you have installed, please remove any copies of Ubiquiti Device Discovery Tool found within Extensions, and install the official one which is linked on our downloads page.

 

We're working with Google to see if this can be prevented from reoccurring. And remember, please exercise caution when searching for and installing any browser extensions or apps, whether it's ours or another.

 

Cheers,

Mike

 

EDIT: Attached an image showing the fake Ubiquiti Device Discovery Tool that was listed in the Chrome Web Store. 

Screen Shot 2018-01-02 at 12.18.52 PM.png
Comments
by
on ‎01-12-2018 06:31 PM

To help get the word out we shared this on our group "IT Install Nightmares and Greatness" on Facebook.

 

https://www.facebook.com/groups/itinstallnightmares/permalink/2059131534322691/

 

by
on ‎01-12-2018 09:04 PM

"The fake extension replaced the content of Google search results and makes CORS requests to a malicious domain. "

 

What sorts of requests did it make?  Is there any more information about what might have been going on with this tool?  What might have been compromised?  Some more information about this would be great! 

by
on ‎01-13-2018 08:07 AM

Is there anyway to block CORS requests on the network with USG?

by
on ‎01-13-2018 08:17 AM

Please note that the official UBNT Chrome App only seems to find devices if they are on your same VLAN. In my case I have all my Unifi devices on a management VLAN that is not the same as the VLAN my current device is on. As such no devices populate in the tool. 

 

Just in case others were curious how it worked. 

 

If there is something I'm missing (perhaps letting specific management traffic between VLAN's?) that allows this to work in a VLAN environment, please let me know.


Thanks

by
on ‎01-13-2018 08:48 AM

@joenoonz Yes it's L2.

by
‎01-17-2018 09:43 AM - edited ‎01-17-2018 09:45 AM
What is the App id that was reported as the fake app?
by
on ‎01-19-2018 10:59 AM

 @bbbbbbbbssssss cdmhnpplbgnnlgaldefebdphebdhppbn