Is "GoHighlander Loader" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.0

This extension helps GoHighlander APP users to load schedules more conviniently by generating QR Code and Magic Code directly on chrome.

Risk Assessment

Analyzed
37.11
out of 100
LOW

26 security findings detected across all analyzers

Chrome extension requesting 3 permissions

Severity Breakdown

0
Critical
6
High
20
Medium
0
Low
0
Info

Finding Categories

6
Malware Signatures
19
IoC Indicators

YARA Rules Matched

5 rules(6 hits)
postinstall obfuscation postinstall file manipulation postinstall file download postinstall system command postinstall crypto operations

Requested Permissions

3 permissions
activeTab
Medium
scripting
Low
https://registrationssb.ucr.edu/*
Low

About This Extension

This extension helps GoHighlander APP users to load schedules more conviniently by generating QR Code and Magic Code directly on chrome.

Detailed Findings

6 total

YARA Rule Matches

5 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs
8
Domains
11
Strings
19

All Indicators · 19

Domain
detected Domain: clients2.google.com

XIOC detected Domain: clients2.google.com

extracted_from_files

URL
detected URL: https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js

XIOC detected URL: https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js

extracted_from_files

URL
detected URL: http://www.w3.org/2000/svg

XIOC detected URL: http://www.w3.org/2000/svg

extracted_from_files

URL
detected URL: http://www.w3.org/2000/xmlns/

XIOC detected URL: http://www.w3.org/2000/xmlns/

extracted_from_files

URL
detected URL: http://www.w3.org/1999/xlink

XIOC detected URL: http://www.w3.org/1999/xlink

extracted_from_files

Domain
detected Domain: ffail.call

XIOC detected Domain: ffail.call

extracted_from_files

Domain
detected Domain: fsuccess.call

XIOC detected Domain: fsuccess.call

extracted_from_files

Domain
detected Domain: d.call

XIOC detected Domain: d.call

extracted_from_files

URL
detected URL: https://clients2.google.com/service/update2/crx

XIOC detected URL: https://clients2.google.com/service/update2/crx

extracted_from_files

URL
detected URL: https://registrationssb.ucr.edu/*

XIOC detected URL: https://registrationssb.ucr.edu/*

extracted_from_files

URL
detected URL: https://registrationssb.ucr.edu/StudentRegistrationSsb/ssb/registrationHistory/registrationHistory

XIOC detected URL: https://registrationssb.ucr.edu/StudentRegistrationSsb/ssb/registrationHistory/registrationHistory

extracted_from_files

URL
detected URL: https://registrationssb.ucr.edu/StudentRegistrationSsb/ssb/registrationHistory/registrationHistory';

XIOC detected URL: https://registrationssb.ucr.edu/StudentRegistrationSsb/ssb/registrationHistory/registrationHistory';

extracted_from_files

Domain
detected Domain: registrationssb.ucr.edu

XIOC detected Domain: registrationssb.ucr.edu

extracted_from_files

Domain
detected Domain: tab.id

XIOC detected Domain: tab.id

extracted_from_files

Domain
detected Domain: data.courses

XIOC detected Domain: data.courses

extracted_from_files

Domain
detected Domain: cdnjs.cloudflare.com

XIOC detected Domain: cdnjs.cloudflare.com

extracted_from_files

Domain
detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

Domain
detected Domain: this.data

XIOC detected Domain: this.data

extracted_from_files

Domain
detected Domain: j.rs

XIOC detected Domain: j.rs

extracted_from_files

Security Analysis Summary

Security Analysis Overview

GoHighlander Loader is a Chrome Web Store extension published by [email protected]. Version 1.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 37.11/100 (LOW risk) based on 26 security findings.

Risk Assessment

This extension presents low security risk. Some minor findings were detected, but nothing that would prevent typical usage. Reviewing the detailed findings below is recommended before use in sensitive environments.

Findings Breakdown

  • High: 6 finding(s)
  • Medium: 20 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

GoHighlander Loader is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 47 users.

Recommendation

Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

GoHighlander Ratings

[email protected]

MEDIUM 123 users

Send to NotebookLM

[email protected]

CRITICAL 296 users

Chat AI - Chat GPT 5 on all sites

[email protected]

CRITICAL 6K users

SensePage

[email protected]

CRITICAL

Auto Gmail - ChatGPT AI for email inbox

[email protected]

CRITICAL 1K users

Page Locker

[email protected]

CRITICAL 137 users