Is "PassLok Universal" on Chrome Web Store Safe to Install?
TAKE PRIVACY INTO YOUR OWN HANDS Easy, end-to-end secure encryption for email and other web-based communication systems, plus real-time chat, that does not rely on servers and is therefore immune to hacking or government intervention. Very similar to PassLok for Email, also in this store, except that it supports any Email Service, including Gmail, Yahoo, Outlook online, and many more. PassLok Universal is also a full-fledged password manager which, unlike most other managers out there, does NOT involve a server, yet it syncs between computers. Its password management engine is that of SynthPass, also in this store. And if you're not exchanging messages or filling passwords, clicking the PassLok Universal icon will allow you to save secure notes on any website, or to load it into a special "Incognito" page that loads within the normal Chrome window. This function, also available via the right-click menu, is borrowed from Page Cage, also in this store. --PassLok Universal is incredibly easy to use-- To encrypt a message or file, just click the PassLok icon when the email service's Compose or Reply window is visible. A popup will take your private message and encrypt it with the click of a button. Then you can send it out like any other message, or as an attachment. To decrypt it, display the encrypted message and click the PassLok icon. A popup will show the decrypted message or file immediately, if there is one. PassLok asks you for your Password only once. It can be anything you want, so you can actually remember it. PassLok will evaluate its strength and compensate for its weakness by lengthening the computations. It won't be stored or sent anywhere, and PassLok will forget it after five minutes of inactivity. If you want to change your Password, go ahead and start using a new one when PassLok asks you for it. You may be asked for the old Password if PassLok can't decrypt something, but otherwise that's all you'll have to do. --Lots of power in a slender package-- You can use either of these five encryption modes, by just clicking a button: 1. Signed mode: encrypted messages can be decrypted again, so long as the recipients supply their authentic passwords. Recipients are also assured that the message was encrypted by the sender. 2. Read-once mode: after a few encrypted messages have been exchanged they can no longer be decrypted by anyone, even if they supply the correct passwords. 3. Chat mode: you can make invitations which, when decrypted by the recipients, open a webRTC real-time chat session where participants are directly connected to one another. The chat session includes text, files, audio, and even video. 4. Anonymous mode: for when you are using a dummy email account or otherwise do not wish to reveal your identity. 5. Shared password mode: most secure when you have previously shared a secret with the recipients PassLok Universal allows you to encrypt files and images as well. Just load them with a toolbar button. You can also encrypt them separately and load them as regular attachments. For the very paranoid (and who isn't these days?), PassLok Universal includes four special features: 1. Encrypt to image: the message is encrypted into an image you supply and then attach to your email, so the presence of a hidden message cannot be detected even by computer analysis. 2. Concealed mode: the encrypted message does not look encrypted, but actually looks like normal text. PassLok still detects it and decrypts it normally, though. 3. Invisible mode: the encrypted material cannot be seen at all. It is hidden in the space between the lines of an otherwise normal message. 4. Hidden msg: there is a hidden message in addition to the regular message, and it is encrypted by a separate key. The hidden message is completely undetectable to those who don't know it exists. Images also can contain hidden messages. --State-of-the art security-- PassLok is based on the NaCl encryption engine, which uses 255-bit standard elliptic curves vetted against weaknesses by experts. On top of that, it uses the 256-bit XSalsa20 symmetric cipher, a high-performance, open source algorithm, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. The image-encryption part of PassLok, developed in-house but open-source, has recently been shown to be much harder to detect than F5, the champion steganography tool until now. PassLok does not use servers that might eventually compromise your private data. All encryption is done client-side. All data sent to the email server is encrypted, and they don't have the password that decrypts it. With PassLok, you can actually SEE that that your messages have been encrypted. You can also see the code. PassLok hides nothing from you. --PassLok Universal may be the only password manager you'll ever use-- It's a different kind of password manager: it is a password synthesizer. With PassLok Universal, there is no "vault" that has to be protected from hackers because your passwords are synthesized on the fly, just as you need them. PassLok-made passwords are always high strength and comprise letters, numbers, and special characters. Passwords for different websites are guaranteed to be totally different. You never have to change your Master Password. When a website forces you to change its password, simply change the optional serial that is used to synthesize that password. PassLok will remember the serial, as well as your user ID. Your Master Password will never be stored, and it disappears from memory after five minutes not using it. But if you absolutely must use a certain password, PassLok got you covered too! It is encrypted before storage and synced with the browser itself, so no third parties need to be involved. Unlike conventional password managers, PassLok - won't pop up and interrupt your flow; it is activated only when you click its icon on the browser toolbar - won't force you to store anything secret, only user IDs and optional serials, if you allow it - is always available, because it does not have to connect to "the Cloud" - makes only strong passwords - won't ask you for money - won't show ads PassLok Universal uses the SynthPass engine, which is based on the WiseHash key-stretching algorithm. WiseHash evaluates the information entropy of your Master Password and subjects it to a variable number of rounds of SCRYPT key-stretching. The weaker the password, the more stretching. This forces would-be hackers to spend an inordinate amount of computer time testing weak passwords before they can get to yours. PassLok displays an accurate measurement of your Master Password's entropy to help you come up with a strong one. --PassLok Universal improves on Incognito mode-- If you are neither encrypting email nor filling passwords, clicking the PassLok Universal icon displays a popup with two nifty functions: 1. You can save a note on any website, which syncs with it and is securely encrypted. Again, no servers involved. The content can be anything, not just passwords. 2. Or you can put the whole page into an "Isolation cage" similar to incognito mode, but running next to your regular tabs. The cage also contains links to Web search services that won't track you (or so they say, we don't make claims about it), and additional free apps in PassLok's family. This is the same functionality as that of Page Cage, also in this store. PassLok Universal is fully compatible with PassLok for Email and SynthPass, and is now in public beta testing.
Risk Assessment
Analyzed308 security findings detected across all analyzers
Chrome extension requesting 6 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
9 rules(95 hits)Requested Permissions
6 permissionsRead and modify your browsing history
About This Extension
Detailed Findings
96 totalYARA Rule Matches
9 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 174
detected IP: 4.2.10.2 XIOC detected IP: 4.2.10.2
extracted_from_files
detected URL: https://passlok.com/app XIOC detected URL: https://passlok.com/app
extracted_from_files
detected URL: https://xato.net/passwords/more-top-worst-passwords, XIOC detected URL: https://xato.net/passwords/more-top-worst-passwords,
extracted_from_files
detected URL: https://github.com/first20hours/google-10000-english. XIOC detected URL: https://github.com/first20hours/google-10000-english.
extracted_from_files
detected URL: http://snippetrepo.com/snippets/bignum-base-conversion, XIOC detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,
extracted_from_files
detected URL: https://github.com/fruiz500/passlok-stego XIOC detected URL: https://github.com/fruiz500/passlok-stego
extracted_from_files
detected URL: https://github.com/fruiz500/PassLok4email XIOC detected URL: https://github.com/fruiz500/PassLok4email
extracted_from_files
detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder, XIOC detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,
extracted_from_files
detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible XIOC detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible
extracted_from_files
detected URL: http://www.w3.org/TR/xml/#d0e804) XIOC detected URL: http://www.w3.org/TR/xml/#d0e804)
extracted_from_files
detected URL: https://github.com/sindresorhus/validate-element-name XIOC detected URL: https://github.com/sindresorhus/validate-element-name
extracted_from_files
detected URL: https://github.com/dchest/scrypt-async-js XIOC detected URL: https://github.com/dchest/scrypt-async-js
extracted_from_files
detected URL: http://www.howtocreate.co.uk. XIOC detected URL: http://www.howtocreate.co.uk.
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/
extracted_from_files
detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) XIOC detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
extracted_from_files
detected URL: http://www.w3.org/1998/Math/MathML'; XIOC detected URL: http://www.w3.org/1998/Math/MathML';
extracted_from_files
detected URL: http://www.w3.org/2000/svg'; XIOC detected URL: http://www.w3.org/2000/svg';
extracted_from_files
detected URL: http://www.w3.org/1999/xhtml'; XIOC detected URL: http://www.w3.org/1999/xhtml';
extracted_from_files
detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict) XIOC detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)
extracted_from_files
detected URL: http://www.w3.org/1999/xhtml XIOC detected URL: http://www.w3.org/1999/xhtml
extracted_from_files
detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XIOC detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
extracted_from_files
detected URL: https://github.com/owencm/js-steg XIOC detected URL: https://github.com/owencm/js-steg
extracted_from_files
detected URL: http://www.apache.org/licenses/LICENSE-2.0 XIOC detected URL: http://www.apache.org/licenses/LICENSE-2.0
extracted_from_files
detected URL: http://www.wtfpl.net/ XIOC detected URL: http://www.wtfpl.net/
extracted_from_files
detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html XIOC detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html
extracted_from_files
detected URL: http://tweetnacl.cr.yp.to/ XIOC detected URL: http://tweetnacl.cr.yp.to/
extracted_from_files
detected URL: https://github.com/floodyberry/poly1305-donna XIOC detected URL: https://github.com/floodyberry/poly1305-donna
extracted_from_files
detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType XIOC detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType
extracted_from_files
detected URL: https://github.com/dchest/ed2curve-js-- XIOC detected URL: https://github.com/dchest/ed2curve-js--
extracted_from_files
detected URL: https://github.com/pieroxy/lz-string-- XIOC detected URL: https://github.com/pieroxy/lz-string--
extracted_from_files
detected URL: https://github.com/cure53/DOMPurify-- XIOC detected URL: https://github.com/cure53/DOMPurify--
extracted_from_files
detected URL: https://github.com/owencm/js-steg. XIOC detected URL: https://github.com/owencm/js-steg.
extracted_from_files
detected URL: https://github.com/rubycon/isaac.js-- XIOC detected URL: https://github.com/rubycon/isaac.js--
extracted_from_files
detected URL: http://burtleburtle.net/bob/rand/isaac.html XIOC detected URL: http://burtleburtle.net/bob/rand/isaac.html
extracted_from_files
detected URL: http://burtleburtle.net/bob/rand/isaacafa.html XIOC detected URL: http://burtleburtle.net/bob/rand/isaacafa.html
extracted_from_files
detected URL: https://prgomez.com/passlok4emailcurrent/ XIOC detected URL: https://prgomez.com/passlok4emailcurrent/
extracted_from_files
detected URL: http://hash.online-convert.com/sha256-generator XIOC detected URL: http://hash.online-convert.com/sha256-generator
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe XIOC detected URL: https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/
extracted_from_files
detected URL: https://defuse.ca/checksums.htm XIOC detected URL: https://defuse.ca/checksums.htm
extracted_from_files
detected URL: https://passlok.com XIOC detected URL: https://passlok.com
extracted_from_files
detected URL: https://gmailcrypt.weebly.com/get-passlok.html XIOC detected URL: https://gmailcrypt.weebly.com/get-passlok.html
extracted_from_files
detected URL: https://crxextractor.com/ XIOC detected URL: https://crxextractor.com/
extracted_from_files
detected URL: https://chromewebstore.google.com/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled XIOC detected URL: https://chromewebstore.google.com/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled
extracted_from_files
detected Domain: importnode.call XIOC detected Domain: importnode.call
extracted_from_files
detected URL: https://hash.online-convert.com/sha256-generator XIOC detected URL: https://hash.online-convert.com/sha256-generator
extracted_from_files
detected URL: https://www.youtube.com/watch?v=oFCrETTwySw XIOC detected URL: https://www.youtube.com/watch?v=oFCrETTwySw
extracted_from_files
detected URL: https://www.youtube.com/watch?v=96pSh4h1CAU XIOC detected URL: https://www.youtube.com/watch?v=96pSh4h1CAU
extracted_from_files
detected URL: https://www.youtube.com/watch?v=Y5jwImGkzCc XIOC detected URL: https://www.youtube.com/watch?v=Y5jwImGkzCc
extracted_from_files
detected URL: https://www.youtube.com/watch?v=5YY6-tNJe94 XIOC detected URL: https://www.youtube.com/watch?v=5YY6-tNJe94
extracted_from_files
detected URL: https://www.youtube.com/watch?v=t8WnayDPVYk XIOC detected URL: https://www.youtube.com/watch?v=t8WnayDPVYk
extracted_from_files
detected URL: https://www.youtube.com/watch?v=xgkeZRJnv4o XIOC detected URL: https://www.youtube.com/watch?v=xgkeZRJnv4o
extracted_from_files
detected URL: https://www.youtube.com/watch?v=H1LfZyCxB9o XIOC detected URL: https://www.youtube.com/watch?v=H1LfZyCxB9o
extracted_from_files
detected URL: https://www.youtube.com/watch?v=zk_qrAX7_G8 XIOC detected URL: https://www.youtube.com/watch?v=zk_qrAX7_G8
extracted_from_files
detected URL: http://www.7-zip.org/ XIOC detected URL: http://www.7-zip.org/
extracted_from_files
detected URL: http://www.kekaosx.com/ XIOC detected URL: http://www.kekaosx.com/
extracted_from_files
detected URL: https://wiki.archlinux.org/index.php/p7zip XIOC detected URL: https://wiki.archlinux.org/index.php/p7zip
extracted_from_files
detected URL: https://www.youtube.com/watch?v=S9sK4V0tUe0 XIOC detected URL: https://www.youtube.com/watch?v=S9sK4V0tUe0
extracted_from_files
detected URL: https://www.youtube.com/watch?v=FH2qN5TUdSk XIOC detected URL: https://www.youtube.com/watch?v=FH2qN5TUdSk
extracted_from_files
detected URL: https://passlok.com/human XIOC detected URL: https://passlok.com/human
extracted_from_files
detected URL: https://www.youtube.com/watch?v=B--WbQ8ubhg XIOC detected URL: https://www.youtube.com/watch?v=B--WbQ8ubhg
extracted_from_files
detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok XIOC detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok
extracted_from_files
detected URL: https://synthpass.com/app XIOC detected URL: https://synthpass.com/app
extracted_from_files
detected URL: https://kyberlock.com/app XIOC detected URL: https://kyberlock.com/app
extracted_from_files
detected URL: https://www.youtube.com/watch?v=KiiX9hg4PrQ XIOC detected URL: https://www.youtube.com/watch?v=KiiX9hg4PrQ
extracted_from_files
detected URL: https://www.youtube.com/watch?v=aomKUA4PcAI XIOC detected URL: https://www.youtube.com/watch?v=aomKUA4PcAI
extracted_from_files
detected URL: https://www.youtube.com/watch?v=RLGScvETOEc XIOC detected URL: https://www.youtube.com/watch?v=RLGScvETOEc
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/
extracted_from_files
detected URL: https://passlok.com/files/passlok4email_technical_document.pdf XIOC detected URL: https://passlok.com/files/passlok4email_technical_document.pdf
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://passlok.com/lockdir XIOC detected URL: https://passlok.com/lockdir
extracted_from_files
detected URL: https://github.com/fruiz500/wisehash-- XIOC detected URL: https://github.com/fruiz500/wisehash--
extracted_from_files
detected URL: https://github.com/dchest/tweetnacl-js-- XIOC detected URL: https://github.com/dchest/tweetnacl-js--
extracted_from_files
detected URL: https://github.com/dchest/scrypt-async-js-- XIOC detected URL: https://github.com/dchest/scrypt-async-js--
extracted_from_files
detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam XIOC detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam
extracted_from_files
detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/ XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/
extracted_from_files
detected URL: https://passlok.com/chat/chat.html#' XIOC detected URL: https://passlok.com/chat/chat.html#'
extracted_from_files
detected URL: https://passlok.com/learn XIOC detected URL: https://passlok.com/learn
extracted_from_files
detected URL: https://passlok.com/seeonce XIOC detected URL: https://passlok.com/seeonce
extracted_from_files
detected URL: https://passlok.com/ursa XIOC detected URL: https://passlok.com/ursa
extracted_from_files
detected URL: https://passlok.com/stego XIOC detected URL: https://passlok.com/stego
extracted_from_files
detected Domain: www.irongeek.com XIOC detected Domain: www.irongeek.com
extracted_from_files
detected Domain: clients2.google.com XIOC detected Domain: clients2.google.com
extracted_from_files
detected URL: http://fsf.org/ XIOC detected URL: http://fsf.org/
extracted_from_files
detected URL: http://www.gnu.org/licenses/ XIOC detected URL: http://www.gnu.org/licenses/
extracted_from_files
detected URL: http://www.gnu.org/philosophy/why-not-lgpl.html XIOC detected URL: http://www.gnu.org/philosophy/why-not-lgpl.html
extracted_from_files
detected Domain: range.select XIOC detected Domain: range.select
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: google.com XIOC detected Domain: google.com
extracted_from_files
detected Domain: live.com XIOC detected Domain: live.com
extracted_from_files
detected Domain: yahoo.com XIOC detected Domain: yahoo.com
extracted_from_files
detected Domain: box.select XIOC detected Domain: box.select
extracted_from_files
detected Domain: filetoload.name XIOC detected Domain: filetoload.name
extracted_from_files
detected Domain: pageurl.click XIOC detected Domain: pageurl.click
extracted_from_files
detected Domain: www.howtocreate.co.uk XIOC detected Domain: www.howtocreate.co.uk
extracted_from_files
detected Domain: document.location.host XIOC detected Domain: document.location.host
extracted_from_files
detected Domain: outnode.id XIOC detected Domain: outnode.id
extracted_from_files
detected Domain: filelink.download XIOC detected Domain: filelink.download
extracted_from_files
detected Domain: xato.net XIOC detected Domain: xato.net
extracted_from_files
detected Domain: snippetrepo.com XIOC detected Domain: snippetrepo.com
extracted_from_files
detected Domain: qwant.com XIOC detected Domain: qwant.com
extracted_from_files
detected Domain: searx.me XIOC detected Domain: searx.me
extracted_from_files
detected Domain: wolframalpha.com XIOC detected Domain: wolframalpha.com
extracted_from_files
detected Domain: gigablast.com XIOC detected Domain: gigablast.com
extracted_from_files
detected Domain: swisscows.ch XIOC detected Domain: swisscows.ch
extracted_from_files
detected Domain: metager.de XIOC detected Domain: metager.de
extracted_from_files
detected Domain: oscobo.co.uk XIOC detected Domain: oscobo.co.uk
extracted_from_files
detected Domain: chrome.storage XIOC detected Domain: chrome.storage
extracted_from_files
detected Domain: activetab.id XIOC detected Domain: activetab.id
extracted_from_files
detected Domain: duckduckgo.com XIOC detected Domain: duckduckgo.com
extracted_from_files
detected Domain: search.disconnect.me XIOC detected Domain: search.disconnect.me
extracted_from_files
detected Domain: gibiru.com XIOC detected Domain: gibiru.com
extracted_from_files
detected Domain: startpage.com XIOC detected Domain: startpage.com
extracted_from_files
detected Domain: findx.com XIOC detected Domain: findx.com
extracted_from_files
detected Domain: nodefilter.show XIOC detected Domain: nodefilter.show
extracted_from_files
detected Domain: hook.call XIOC detected Domain: hook.call
extracted_from_files
detected Domain: currentnode.data XIOC detected Domain: currentnode.data
extracted_from_files
detected Domain: createdocumentfragment.call XIOC detected Domain: createdocumentfragment.call
extracted_from_files
detected Domain: body.ownerdocument.doctype.name XIOC detected Domain: body.ownerdocument.doctype.name
extracted_from_files
detected Domain: purify.js.map XIOC detected Domain: purify.js.map
extracted_from_files
detected Domain: developer.mozilla.org XIOC detected Domain: developer.mozilla.org
extracted_from_files
detected Domain: w3c.github.io XIOC detected Domain: w3c.github.io
extracted_from_files
detected Domain: html.spec.whatwg.org XIOC detected Domain: html.spec.whatwg.org
extracted_from_files
detected Domain: cfg.safe XIOC detected Domain: cfg.safe
extracted_from_files
detected Domain: cfg.in XIOC detected Domain: cfg.in
extracted_from_files
detected Domain: getelementsbytagname.call XIOC detected Domain: getelementsbytagname.call
extracted_from_files
detected Domain: createnodeiterator.call XIOC detected Domain: createnodeiterator.call
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: tweetnacl.cr.yp.to XIOC detected Domain: tweetnacl.cr.yp.to
extracted_from_files
detected Domain: nacl.secretbox.open XIOC detected Domain: nacl.secretbox.open
extracted_from_files
detected Domain: nacl.box XIOC detected Domain: nacl.box
extracted_from_files
detected Domain: nacl.box.open XIOC detected Domain: nacl.box.open
extracted_from_files
detected Domain: nacl.sign.open XIOC detected Domain: nacl.sign.open
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
detected Domain: xhr.open XIOC detected Domain: xhr.open
extracted_from_files
detected Domain: imagedata.data XIOC detected Domain: imagedata.data
extracted_from_files
detected Domain: www.bytestrom.eu XIOC detected Domain: www.bytestrom.eu
extracted_from_files
detected Domain: www.owencampbellmoore.com XIOC detected Domain: www.owencampbellmoore.com
extracted_from_files
detected Domain: image.data XIOC detected Domain: image.data
extracted_from_files
detected Domain: www.wtfpl.net XIOC detected Domain: www.wtfpl.net
extracted_from_files
detected Domain: pieroxy.net XIOC detected Domain: pieroxy.net
extracted_from_files
detected Domain: gomez.com XIOC detected Domain: gomez.com
extracted_from_files
detected Domain: jitsi.org XIOC detected Domain: jitsi.org
extracted_from_files
detected Domain: www.w3.org XIOC detected Domain: www.w3.org
extracted_from_files
detected Domain: jit.si XIOC detected Domain: jit.si
extracted_from_files
detected Domain: burtleburtle.net XIOC detected Domain: burtleburtle.net
extracted_from_files
detected Domain: www.apache.org XIOC detected Domain: www.apache.org
extracted_from_files
detected Domain: frame.progressive XIOC detected Domain: frame.progressive
extracted_from_files
detected Domain: crxextractor.com XIOC detected Domain: crxextractor.com
extracted_from_files
detected Domain: chromewebstore.google.com XIOC detected Domain: chromewebstore.google.com
extracted_from_files
detected Domain: www.bitser.org XIOC detected Domain: www.bitser.org
extracted_from_files
detected Domain: hash.online-convert.com XIOC detected Domain: hash.online-convert.com
extracted_from_files
detected Domain: defuse.ca XIOC detected Domain: defuse.ca
extracted_from_files
detected Domain: gmailcrypt.weebly.com XIOC detected Domain: gmailcrypt.weebly.com
extracted_from_files
detected Domain: prgomez.com XIOC detected Domain: prgomez.com
extracted_from_files
detected Domain: www.youtube.com XIOC detected Domain: www.youtube.com
extracted_from_files
detected Domain: play.google.com XIOC detected Domain: play.google.com
extracted_from_files
detected Domain: synthpass.com XIOC detected Domain: synthpass.com
extracted_from_files
detected Domain: kyberlock.com XIOC detected Domain: kyberlock.com
extracted_from_files
detected Domain: www.7-zip.org XIOC detected Domain: www.7-zip.org
extracted_from_files
detected Domain: www.kekaosx.com XIOC detected Domain: www.kekaosx.com
extracted_from_files
detected Domain: wiki.archlinux.org XIOC detected Domain: wiki.archlinux.org
extracted_from_files
detected Domain: fsf.org XIOC detected Domain: fsf.org
extracted_from_files
detected Domain: www.gnu.org XIOC detected Domain: www.gnu.org
extracted_from_files
detected Domain: chrome.google.com XIOC detected Domain: chrome.google.com
extracted_from_files
detected Domain: addons.mozilla.org XIOC detected Domain: addons.mozilla.org
extracted_from_files
detected Domain: passlok.com XIOC detected Domain: passlok.com
extracted_from_files
detected Domain: result.name XIOC detected Domain: result.name
extracted_from_files
detected Domain: github.com XIOC detected Domain: github.com
extracted_from_files
detected URL: https://www.bitser.org/checksum-calculator-windows-7-freeware.shtml XIOC detected URL: https://www.bitser.org/checksum-calculator-windows-7-freeware.shtml
extracted_from_files
Security Analysis Summary
Security Analysis Overview
PassLok Universal is a Chrome Web Store extension published by [email protected]. Version 1.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 50.6/100 (MEDIUM risk) based on 308 security findings.
Risk Assessment
This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.
Findings Breakdown
- High: 95 finding(s)
- Medium: 213 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
PassLok Universal is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 77 users.
Recommendation
Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace