Is "OnHand" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.1.0

Created for easy and convenient management of your favorite sites, which can be opened directly from a browser "new tab" page. Neat and minimalistic. Uses material design.

Features:
- adding bookmarks in a simple way
- grouping bookmarks using tabs
- easy data management, loading and saving to a file, without clouds and accounts
- automatically switching between light and dark mode depending on the system or browser color mode

Supported by almost all popular desktop browsers in the world (except Opera): Google Chrome, Firefox, Edge, Chromium etc. This extension is guaranteed to always be free and open source.

The extension is multilingual. At the moment, only three languages are implemented and supported: English, Russian and Ukrainian. Other languages can easily be added. I would be grateful for your cooperation.

Risk Assessment

Analyzed: 100 out of 100 (CRITICAL)

5463 security findings detected across all analyzers

Chrome extension requesting 4 permissions

Severity Breakdown

  • Critical: 0
  • High: 948
  • Medium: 4515
  • Low: 0
  • Info: 0

Finding Categories

  • Malware Signatures: 125
  • Obfuscation: 828
  • Network: 34
  • IoC Indicators: 13

YARA Rules Matched

14 rules (125 hits):

  • postinstall registry modification
  • postinstall system command
  • postinstall persistence mechanism
  • NoUseWeakRandom
  • postinstall crypto operations
  • credential env files
  • postinstall obfuscation
  • SQLInjection
  • postinstall file manipulation
  • postinstall network communication
  • postinstall file download
  • NoUseEval
  • UsingCommandLineArguments
  • postinstall environment access

Requested Permissions

4 permissions

  • <all_urls> (Dangerous): Access and modify data on every website you visit
  • storage (Low)
  • unlimitedStorage (Low)
  • declarativeContent (Low)

Detailed Findings

987 total

YARA Rule Matches

14 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

  • Domains: 13
  • Strings: 13

Security Analysis Summary

Security Analysis Overview

OnHand is a Chrome Web Store extension published by [email protected]. Version 2.1.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 100/100 (CRITICAL risk) based on 5463 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

  • High: 948 finding(s)
  • Medium: 4515 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

OnHand is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 5 users.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.
