Get Grass Extension is Malware Meant to Hack You
Get Grass Extension is Dangerous
Back in January, I conducted an investigation into the Get Grass Project and the potential risks of using their extension. What we found back then was that the extension was collecting a lot of precious information from its users.
The technology used behind the extension is called "Cursed Chrome", which is meant to serve as a proxy between the victim and the hacker.
A (cursed) Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies. By using the proxies this tool creates you can browse the web authenticated as your victim for all of their websites.
Now I'm sharing my latest intel about Grass and all the shady stuff in these two videos and the supplied articles below, which go into full documentation.
This is what the background-js file looks like, and it has a mention of Cursed Chrome technology. The proof of it being used can be found in the documentation below.
➜ Read full documentation here https://github.com/security-chad/extension-analysis/blob/master/GRASS.md#does-grass-use-cursedchrome
How to Fix The Issue
First, you have to remove the extension, then proceed to clear cookies, then change your passwords and potentially even your autofill data as well. If you want to be very thorough, you might even want to consider moving all your crypto assets into brand new wallets.
➜ Full article - https://sagerunner.net/get-grass-extension-is-spying-on-you-hack-warning/
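The following Python script is an added example, not code from this article or from the Grass or CursedChrome projects. It audits installed Chrome extension manifests for the capability described above: background code with access to every site, optionally combined with cookie or request-interception permissions. The permission lists are a heuristic assumed for this example and many legitimate extensions match it, so the output is a triage list, and the sample manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Heuristic lists chosen for this example (an assumption, not from the article).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"cookies", "webRequest", "webRequestBlocking", "proxy"}

def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    # Covers permissions, host_permissions and their optional_* variants.
    perms = {p for key, value in manifest.items() if key.endswith("permissions")
             for p in (value if isinstance(value, list) else []) if isinstance(p, str)}
    broad, apis = sorted(perms & BROAD_HOSTS), sorted(perms & SENSITIVE_APIS)
    findings = []
    if broad and "background" in manifest:
        findings.append("background code with access to every site: " + ", ".join(broad))
    if broad and apis:
        findings.append("broad host access combined with: " + ", ".join(apis))
    return findings

def scan_extensions(ext_root):
    """Audit every <ext_root>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            findings = ["manifest unreadable or malformed"]
        if findings:
            report[path.parts[-3]] = findings  # parts[-3] is the extension id
    return report

def build_sample(root):
    """Write two constructed manifests: one broad extension, one narrow one."""
    samples = {
        "aaaa": {"manifest_version": 2, "background": {"scripts": ["bg.js"]},
                 "permissions": ["<all_urls>", "cookies", "webRequest"]},
        "bbbb": {"manifest_version": 3, "permissions": ["storage"],
                 "host_permissions": ["https://example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        manifest_path = Path(root) / ext_id / "1.0_0" / "manifest.json"
        manifest_path.parent.mkdir(parents=True)
        manifest_path.write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # or pass a Chrome profile's Extensions folder instead
        for ext_id, findings in scan_extensions(tmp).items():
            print(ext_id, findings)
```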