Is "PassLok Privacy" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.6.2

TAKE PRIVACY INTO YOUR OWN HANDS End-to-end secure encryption, plus steganography for email and real-time chat. Now in its 10th anniversary. PassLok does not use servers that might compromise your information. Everything is done offline. PassLok stores nothing secret, not even in your device. This app is compatible with PassLok for Email (especially in Email mode), to be added shortly to the Chrome store. Use it if your email service is not yet supported by PassLok for Email. With PassLok, you can: - Write messages than only the intended recipient can read. - Do this without having established a secret password. - Lock files and images as easily as text. - Establish a real-time peer-to-peer chat involving text, files, audio, and video - Digitally sign text, images, and files so others can be sure they come from you. - Convert your favorite email or texting app into a secure communication channel. - Hide private information as apparently innocent text, or inside images. - Use Decoy mode, so your true message is not what it appears to be. - Create messages that can only be read once. - Communicate across platforms, even without a network. - Send confidential mailings to several people at the same time. - Use a borrowed device, in case yours is bugged. - Be as paranoid as you like. We are really paranoid, and this is why we developed PassLok. PassLok uses 255-bit standard elliptic curves, which have been vetted against weaknesses by experts. On top of that, PassLok uses 256-bit XSalsa20 encryption and 512-bit hash functions to complete the locking process. XSalsa20 is a high-performance, open source cipher, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. The first time you run PassLok, it helps you to come up with a strong text-based secret Key, which can be whatever you want it to be. PassLok places no restrictions to make sure that you can always remember your Key without ever having to write it down. From your secret Key, PassLok creates a Lock, which is like a phone number that you give to the people you wish to send messages to you. They will "put your Lock" on those messages, and only your Key, which you have given to no one, will be able to unlock them. Optionally, you can post your Lock on the PassLok general directory, adding a video so people know the Lock is genuine. This is the Chrome app version of PassLok, essentially identical to the versions released for PCs and mobile platforms. In addition, there is a pure html version of PassLok at the following mirrors: https://passlok.com/app https://www.autistici.org/passlok https://passlok.site44.com If you want to check them out, you should get the source by doing ctrl-u or cmd-opt-u, get its SHA256 with an external program or web page, and compare it with the value below. This is not necessary for app store versions like this one, which are code-signed by the app store. This is the SHA256 of the single-file version of the app, which can be found with the above links: 7032-4213-5320-3420-550a-ef09-d42d-3510-adaa-f3a9-f6e0-6ec0-24eb-cea4-264d-b89e See the developer reading this in a video: https://www.youtube.com/watch?v=OvMr1VStieU

Risk Assessment

Analyzed
51.1
out of 100
MEDIUM

361 security findings detected across all analyzers

Chrome extension requesting 1 permission

Severity Breakdown

0
Critical
54
High
307
Medium
0
Low
0
Info

Finding Categories

54
Malware Signatures
1
Network
257
IoC Indicators

YARA Rules Matched

9 rules(54 hits)
postinstall obfuscation postinstall crypto operations NoUseWeakRandom postinstall file manipulation postinstall network communication postinstall file download postinstall registry modification postinstall system command postinstall persistence mechanism

Requested Permissions

1 permission
storage
Low

About This Extension

TAKE PRIVACY INTO YOUR OWN HANDS End-to-end secure encryption, plus steganography for email and real-time chat. Now in its 10th anniversary. PassLok does not use servers that might compromise your information. Everything is done offline. PassLok stores nothing secret, not even in your device. This app is compatible with PassLok for Email (especially in Email mode), to be added shortly to the Chrome store. Use it if your email service is not yet supported by PassLok for Email. With PassLok, you can: - Write messages than only the intended recipient can read. - Do this without having established a secret password. - Lock files and images as easily as text. - Establish a real-time peer-to-peer chat involving text, files, audio, and video - Digitally sign text, images, and files so others can be sure they come from you. - Convert your favorite email or texting app into a secure communication channel. - Hide private information as apparently innocent text, or inside images. - Use Decoy mode, so your true message is not what it appears to be. - Create messages that can only be read once. - Communicate across platforms, even without a network. - Send confidential mailings to several people at the same time. - Use a borrowed device, in case yours is bugged. - Be as paranoid as you like. We are really paranoid, and this is why we developed PassLok. PassLok uses 255-bit standard elliptic curves, which have been vetted against weaknesses by experts. On top of that, PassLok uses 256-bit XSalsa20 encryption and 512-bit hash functions to complete the locking process. XSalsa20 is a high-performance, open source cipher, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found. The first time you run PassLok, it helps you to come up with a strong text-based secret Key, which can be whatever you want it to be. PassLok places no restrictions to make sure that you can always remember your Key without ever having to write it down. From your secret Key, PassLok creates a Lock, which is like a phone number that you give to the people you wish to send messages to you. They will "put your Lock" on those messages, and only your Key, which you have given to no one, will be able to unlock them. Optionally, you can post your Lock on the PassLok general directory, adding a video so people know the Lock is genuine. This is the Chrome app version of PassLok, essentially identical to the versions released for PCs and mobile platforms. In addition, there is a pure html version of PassLok at the following mirrors: https://passlok.com/app https://www.autistici.org/passlok https://passlok.site44.com If you want to check them out, you should get the source by doing ctrl-u or cmd-opt-u, get its SHA256 with an external program or web page, and compare it with the value below. This is not necessary for app store versions like this one, which are code-signed by the app store. This is the SHA256 of the single-file version of the app, which can be found with the above links: 7032-4213-5320-3420-550a-ef09-d42d-3510-adaa-f3a9-f6e0-6ec0-24eb-cea4-264d-b89e See the developer reading this in a video: https://www.youtube.com/watch?v=OvMr1VStieU

Detailed Findings

55 total

YARA Rule Matches

9 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs
165
IP Addresses
7
Domains
88
Strings
257

All Indicators · 257

URL
detected URL: https://www.youtube.com/watch?v=BEXYuaCxciM

XIOC detected URL: https://www.youtube.com/watch?v=BEXYuaCxciM

extracted_from_files

Domain
detected Domain: addons.mozilla.org

XIOC detected Domain: addons.mozilla.org

extracted_from_files

Domain
detected Domain: chrome.google.com

XIOC detected Domain: chrome.google.com

extracted_from_files

Domain
detected Domain: passlok.com

XIOC detected Domain: passlok.com

extracted_from_files

Domain
detected Domain: www.youtube.com

XIOC detected Domain: www.youtube.com

extracted_from_files

Domain
detected Domain: github.com

XIOC detected Domain: github.com

extracted_from_files

Domain
detected Domain: www.w3.org

XIOC detected Domain: www.w3.org

extracted_from_files

Domain
detected Domain: www.autistici.org

XIOC detected Domain: www.autistici.org

extracted_from_files

Domain
detected Domain: www.xorbin.com

XIOC detected Domain: www.xorbin.com

extracted_from_files

Domain
detected Domain: www.fileformat.info

XIOC detected Domain: www.fileformat.info

extracted_from_files

Domain
detected Domain: play.google.com

XIOC detected Domain: play.google.com

extracted_from_files

Domain
detected Domain: prgomez.com

XIOC detected Domain: prgomez.com

extracted_from_files

Domain
detected Domain: hash.online-convert.com

XIOC detected Domain: hash.online-convert.com

extracted_from_files

Domain
detected Domain: www.weebly.com

XIOC detected Domain: www.weebly.com

extracted_from_files

Domain
detected Domain: object.prototype.tostring.call

XIOC detected Domain: object.prototype.tostring.call

extracted_from_files

Domain
detected Domain: jit.si

XIOC detected Domain: jit.si

extracted_from_files

Domain
detected Domain: jitsi.org

XIOC detected Domain: jitsi.org

extracted_from_files

Domain
detected Domain: gmail.com

XIOC detected Domain: gmail.com

extracted_from_files

Domain
detected Domain: fileformat.info

XIOC detected Domain: fileformat.info

extracted_from_files

Domain
detected Domain: gomez.com

XIOC detected Domain: gomez.com

extracted_from_files

Domain
detected Domain: passlok.site44.com

XIOC detected Domain: passlok.site44.com

extracted_from_files

Domain
detected Domain: a.style

XIOC detected Domain: a.style

extracted_from_files

Domain
detected Domain: a.download

XIOC detected Domain: a.download

extracted_from_files

Domain
detected Domain: nacl.secretbox.open

XIOC detected Domain: nacl.secretbox.open

extracted_from_files

Domain
detected Domain: ourcodeworld.com

XIOC detected Domain: ourcodeworld.com

extracted_from_files

Domain
detected Domain: filelink.download

XIOC detected Domain: filelink.download

extracted_from_files

Domain
detected Domain: filetoload.name

XIOC detected Domain: filetoload.name

extracted_from_files

Domain
detected Domain: chrome.storage

XIOC detected Domain: chrome.storage

extracted_from_files

Domain
detected Domain: nacl.sign.open

XIOC detected Domain: nacl.sign.open

extracted_from_files

Domain
detected Domain: trange.select

XIOC detected Domain: trange.select

extracted_from_files

IP
detected Domain: javascripter.net

XIOC detected Domain: javascripter.net

extracted_from_files

Domain
detected Domain: window.open

XIOC detected Domain: window.open

extracted_from_files

Domain
detected Domain: range.select

XIOC detected Domain: range.select

extracted_from_files

Domain
detected Domain: lockscr.style.top

XIOC detected Domain: lockscr.style.top

extracted_from_files

Domain
detected Domain: a.click

XIOC detected Domain: a.click

extracted_from_files

Domain
detected Domain: www.gnu.org

XIOC detected Domain: www.gnu.org

extracted_from_files

Domain
detected Domain: burtleburtle.net

XIOC detected Domain: burtleburtle.net

extracted_from_files

Domain
detected Domain: www.irongeek.com

XIOC detected Domain: www.irongeek.com

extracted_from_files

Domain
detected Domain: date.now

XIOC detected Domain: date.now

extracted_from_files

IP
detected Domain: snippetrepo.com

XIOC detected Domain: snippetrepo.com

extracted_from_files

Domain
detected Domain: imagedata.data

XIOC detected Domain: imagedata.data

extracted_from_files

Domain
detected Domain: xato.net

XIOC detected Domain: xato.net

extracted_from_files

Domain
detected Domain: p.sldb.style.top

XIOC detected Domain: p.sldb.style.top

extracted_from_files

Domain
detected Domain: p.padm.style.top

XIOC detected Domain: p.padm.style.top

extracted_from_files

Domain
detected Domain: p.padb.style.top

XIOC detected Domain: p.padb.style.top

extracted_from_files

Domain
detected Domain: p.boxb.style.top

XIOC detected Domain: p.boxb.style.top

extracted_from_files

Domain
detected Domain: jscolor.picker.box

XIOC detected Domain: jscolor.picker.box

extracted_from_files

Domain
detected Domain: jscolor.com

XIOC detected Domain: jscolor.com

extracted_from_files

Domain
detected Domain: odvarko.cz

XIOC detected Domain: odvarko.cz

extracted_from_files

Domain
detected Domain: www.owencampbellmoore.com

XIOC detected Domain: www.owencampbellmoore.com

extracted_from_files

Domain
detected Domain: www.bytestrom.eu

XIOC detected Domain: www.bytestrom.eu

extracted_from_files

Domain
detected Domain: xhr.open

XIOC detected Domain: xhr.open

extracted_from_files

Domain
detected Domain: frame.progressive

XIOC detected Domain: frame.progressive

extracted_from_files

Domain
detected Domain: www.apache.org

XIOC detected Domain: www.apache.org

extracted_from_files

Domain
detected Domain: callback.call

XIOC detected Domain: callback.call

extracted_from_files

Domain
detected Domain: p.sldm.style.top

XIOC detected Domain: p.sldm.style.top

extracted_from_files

Domain
detected Domain: nacl.box.open

XIOC detected Domain: nacl.box.open

extracted_from_files

Domain
detected Domain: nacl.box

XIOC detected Domain: nacl.box

extracted_from_files

Domain
detected Domain: tweetnacl.cr.yp.to

XIOC detected Domain: tweetnacl.cr.yp.to

extracted_from_files

Domain
detected Domain: object.prototype.hasownproperty.call

XIOC detected Domain: object.prototype.hasownproperty.call

extracted_from_files

Domain
detected Domain: pieroxy.net

XIOC detected Domain: pieroxy.net

extracted_from_files

Domain
detected Domain: www.wtfpl.net

XIOC detected Domain: www.wtfpl.net

extracted_from_files

Domain
detected Domain: image.data

XIOC detected Domain: image.data

extracted_from_files

Domain
detected Domain: getelementsbytagname.call

XIOC detected Domain: getelementsbytagname.call

extracted_from_files

Domain
detected Domain: cfg.in

XIOC detected Domain: cfg.in

extracted_from_files

Domain
detected Domain: cfg.safe

XIOC detected Domain: cfg.safe

extracted_from_files

Domain
detected Domain: html.spec.whatwg.org

XIOC detected Domain: html.spec.whatwg.org

extracted_from_files

Domain
detected Domain: w3c.github.io

XIOC detected Domain: w3c.github.io

extracted_from_files

Domain
detected Domain: developer.mozilla.org

XIOC detected Domain: developer.mozilla.org

extracted_from_files

Domain
detected Domain: array.prototype.slice.call

XIOC detected Domain: array.prototype.slice.call

extracted_from_files

Domain
detected Domain: body.ownerdocument.doctype.name

XIOC detected Domain: body.ownerdocument.doctype.name

extracted_from_files

Domain
detected Domain: importnode.call

XIOC detected Domain: importnode.call

extracted_from_files

Domain
detected Domain: createdocumentfragment.call

XIOC detected Domain: createdocumentfragment.call

extracted_from_files

Domain
detected Domain: currentnode.data

XIOC detected Domain: currentnode.data

extracted_from_files

Domain
detected Domain: hook.call

XIOC detected Domain: hook.call

extracted_from_files

Domain
detected Domain: nodefilter.show

XIOC detected Domain: nodefilter.show

extracted_from_files

Domain
detected Domain: createnodeiterator.call

XIOC detected Domain: createnodeiterator.call

extracted_from_files

Domain
detected Domain: this.data

XIOC detected Domain: this.data

extracted_from_files

Domain
detected Domain: jindo.dev.naver.com

XIOC detected Domain: jindo.dev.naver.com

extracted_from_files

Domain
detected Domain: code.google.com

XIOC detected Domain: code.google.com

extracted_from_files

Domain
detected Domain: www.denso-wave.com

XIOC detected Domain: www.denso-wave.com

extracted_from_files

Domain
detected Domain: www.opensource.org

XIOC detected Domain: www.opensource.org

extracted_from_files

Domain
detected Domain: www.d-project.com

XIOC detected Domain: www.d-project.com

extracted_from_files

Domain
detected Domain: purify.js.map

XIOC detected Domain: purify.js.map

extracted_from_files

Other
detected Email: [email protected]

XIOC detected Email: [email protected]

extracted_from_files

Other
detected Email: [email protected]

XIOC detected Email: [email protected]

extracted_from_files

Other
detected Email: [email protected]

XIOC detected Email: [email protected]

extracted_from_files

Domain
detected Domain: clients2.google.com

XIOC detected Domain: clients2.google.com

extracted_from_files

Domain
detected Domain: map.naver.com

XIOC detected Domain: map.naver.com

extracted_from_files

Domain
detected Domain: naver.com

XIOC detected Domain: naver.com

extracted_from_files

Domain
detected Domain: qrrsblock.rs

XIOC detected Domain: qrrsblock.rs

extracted_from_files

URL
detected URL: https://github.com/cure53/DOMPurify--

XIOC detected URL: https://github.com/cure53/DOMPurify--

extracted_from_files

URL
detected URL: https://github.com/pieroxy/lz-string--

XIOC detected URL: https://github.com/pieroxy/lz-string--

extracted_from_files

URL
detected URL: https://github.com/dchest/scrypt-async-js--

XIOC detected URL: https://github.com/dchest/scrypt-async-js--

extracted_from_files

URL
detected URL: https://github.com/dchest/ed2curve-js--

XIOC detected URL: https://github.com/dchest/ed2curve-js--

extracted_from_files

URL
detected URL: https://github.com/dchest/tweetnacl-js--

XIOC detected URL: https://github.com/dchest/tweetnacl-js--

extracted_from_files

URL
detected URL: https://github.com/amper5and/secrets.js--

XIOC detected URL: https://github.com/amper5and/secrets.js--

extracted_from_files

URL
detected URL: http://www.w3.org/1999/xhtml

XIOC detected URL: http://www.w3.org/1999/xhtml

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=UxgrES_CGcg

XIOC detected URL: https://www.youtube.com/watch?v=UxgrES_CGcg

extracted_from_files

URL
detected URL: https://github.com/davidshimjs/qrcodejs--

XIOC detected URL: https://github.com/davidshimjs/qrcodejs--

extracted_from_files

URL
detected URL: https://github.com/dchest/tweetnacl-util-js--

XIOC detected URL: https://github.com/dchest/tweetnacl-util-js--

extracted_from_files

URL
detected URL: https://github.com/odvarko/JSColor--

XIOC detected URL: https://github.com/odvarko/JSColor--

extracted_from_files

URL
detected URL: https://github.com/rubycon/isaac.js--

XIOC detected URL: https://github.com/rubycon/isaac.js--

extracted_from_files

URL
detected URL: https://github.com/owencm/js-steg.

XIOC detected URL: https://github.com/owencm/js-steg.

extracted_from_files

URL
detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled

XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-universal/lbmlbnfgnbfppkfijbbpnecpglockled

extracted_from_files

URL
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/

XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/

extracted_from_files

URL
detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh

XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh

extracted_from_files

URL
detected URL: https://passlok.com/ursa

XIOC detected URL: https://passlok.com/ursa

extracted_from_files

URL
detected URL: https://passlok.com/seeonce

XIOC detected URL: https://passlok.com/seeonce

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=0wTJWyd9s64

XIOC detected URL: https://www.youtube.com/watch?v=0wTJWyd9s64

extracted_from_files

URL
detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/

XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/fusionkey/

extracted_from_files

URL
detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam

XIOC detected URL: https://chrome.google.com/webstore/detail/fusionkey/legnppmlegkibpinfjodjbejohblaaam

extracted_from_files

URL
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-privacy/

XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-privacy/

extracted_from_files

URL
detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh

XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh

extracted_from_files

URL
detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/

XIOC detected URL: https://addons.mozilla.org/en-US/firefox/addon/passlok-universal/

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=JbNM_cf8My0

XIOC detected URL: https://www.youtube.com/watch?v=JbNM_cf8My0

extracted_from_files

URL
detected URL: http://www.weebly.com/uploads/2/4/1/8/24187628/passlok_technical_document.pdf

XIOC detected URL: http://www.weebly.com/uploads/2/4/1/8/24187628/passlok_technical_document.pdf

extracted_from_files

URL
detected URL: http://passlok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf

XIOC detected URL: http://passlok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf

extracted_from_files

URL
detected URL: http://passlok.weebly.com

XIOC detected URL: http://passlok.weebly.com

extracted_from_files

URL
detected URL: https://passlok.com/learn

XIOC detected URL: https://passlok.com/learn

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=vQrED7eIkLA

XIOC detected URL: https://www.youtube.com/watch?v=vQrED7eIkLA

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=L00yybDzN6k

XIOC detected URL: https://www.youtube.com/watch?v=L00yybDzN6k

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=4DjhIjU_nuM

XIOC detected URL: https://www.youtube.com/watch?v=4DjhIjU_nuM

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=LsljKvjAi9I

XIOC detected URL: https://www.youtube.com/watch?v=LsljKvjAi9I

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=VutWfWZW5bY

XIOC detected URL: https://www.youtube.com/watch?v=VutWfWZW5bY

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=R9UanENF3ro

XIOC detected URL: https://www.youtube.com/watch?v=R9UanENF3ro

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=nBA5JNY4gmQ

XIOC detected URL: https://www.youtube.com/watch?v=nBA5JNY4gmQ

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=sRdpWe4zya8

XIOC detected URL: https://www.youtube.com/watch?v=sRdpWe4zya8

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=XytUN0T_2zQ

XIOC detected URL: https://www.youtube.com/watch?v=XytUN0T_2zQ

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=Sm4f6FIOShI

XIOC detected URL: https://www.youtube.com/watch?v=Sm4f6FIOShI

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=tPeUv6BRTrg

XIOC detected URL: https://www.youtube.com/watch?v=tPeUv6BRTrg

extracted_from_files

URL
detected URL: https://passlok.com/human

XIOC detected URL: https://passlok.com/human

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=npROBlHjxmc

XIOC detected URL: https://www.youtube.com/watch?v=npROBlHjxmc

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=0EImhN35Tbs

XIOC detected URL: https://www.youtube.com/watch?v=0EImhN35Tbs

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=Ttyvb0Qt7h0

XIOC detected URL: https://www.youtube.com/watch?v=Ttyvb0Qt7h0

extracted_from_files

URL
detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/lbmlbnfgnbfppkfijbbpnecpglockled

XIOC detected URL: https://chrome.google.com/webstore/detail/passlok-for-email/lbmlbnfgnbfppkfijbbpnecpglockled

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=8zo-N5O82iM

XIOC detected URL: https://www.youtube.com/watch?v=8zo-N5O82iM

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=zkcqEz3UjnM

XIOC detected URL: https://www.youtube.com/watch?v=zkcqEz3UjnM

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=_iXIyH6AnMI

XIOC detected URL: https://www.youtube.com/watch?v=_iXIyH6AnMI

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=_7Fju1EwhV4

XIOC detected URL: https://www.youtube.com/watch?v=_7Fju1EwhV4

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=Vh9wwFZiV4w

XIOC detected URL: https://www.youtube.com/watch?v=Vh9wwFZiV4w

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=pD-uvyxKBgQ

XIOC detected URL: https://www.youtube.com/watch?v=pD-uvyxKBgQ

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=LubzBF4Xaa8

XIOC detected URL: https://www.youtube.com/watch?v=LubzBF4Xaa8

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=4WrYEdRp2Q4

XIOC detected URL: https://www.youtube.com/watch?v=4WrYEdRp2Q4

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=ZdVHaD-FpSk

XIOC detected URL: https://www.youtube.com/watch?v=ZdVHaD-FpSk

extracted_from_files

URL
detected URL: http://passlok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual21.pdf

XIOC detected URL: http://passlok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual21.pdf

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=NlEJJpF-Wmo

XIOC detected URL: https://www.youtube.com/watch?v=NlEJJpF-Wmo

extracted_from_files

IP
detected IP: 4.2.10.2

XIOC detected IP: 4.2.10.2

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=3OUpuk3-tRo

XIOC detected URL: https://www.youtube.com/watch?v=3OUpuk3-tRo

extracted_from_files

URL
detected URL: https://prgomez.com/current-version-of-passlok/

XIOC detected URL: https://prgomez.com/current-version-of-passlok/

extracted_from_files

URL
detected URL: https://prgomez.com/current-version-of-passlok

XIOC detected URL: https://prgomez.com/current-version-of-passlok

extracted_from_files

URL
detected URL: https://passlok.weebly.com/get-passlok.html

XIOC detected URL: https://passlok.weebly.com/get-passlok.html

extracted_from_files

URL
detected URL: https://hash.online-convert.com/sha256-generator)

XIOC detected URL: https://hash.online-convert.com/sha256-generator)

extracted_from_files

URL
detected URL: https://passlok.com/app

XIOC detected URL: https://passlok.com/app

extracted_from_files

URL
detected URL: https://www.xorbin.com/tools/sha256-hash-calculator)

XIOC detected URL: https://www.xorbin.com/tools/sha256-hash-calculator)

extracted_from_files

URL
detected URL: https://www.fileformat.info/tool/hash.htm)

XIOC detected URL: https://www.fileformat.info/tool/hash.htm)

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=NrAfSo2xjnY

XIOC detected URL: https://www.youtube.com/watch?v=NrAfSo2xjnY

extracted_from_files

URL
detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok

XIOC detected URL: https://play.google.com/store/apps/details?id=com.fruiz500.passlok

extracted_from_files

URL
detected URL: https://github.com/fruiz500/passlok

XIOC detected URL: https://github.com/fruiz500/passlok

extracted_from_files

URL
detected URL: http://passlok.weebly.com/get-passlok.html

XIOC detected URL: http://passlok.weebly.com/get-passlok.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok25.html

XIOC detected URL: https://passlok.com/archive/passlok25.html

extracted_from_files

URL
detected URL: https://passlok.site44.com

XIOC detected URL: https://passlok.site44.com

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok

XIOC detected URL: https://www.autistici.org/passlok

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=x3eq1QJt4-k

XIOC detected URL: https://www.youtube.com/watch?v=x3eq1QJt4-k

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok24.html

XIOC detected URL: https://passlok.site44.com/archive/passlok24.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok24.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok24.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok24.html

XIOC detected URL: https://passlok.com/archive/passlok24.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=YgHXp6GVjDA

XIOC detected URL: https://www.youtube.com/watch?v=YgHXp6GVjDA

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok25.html

XIOC detected URL: https://passlok.site44.com/archive/passlok25.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok25.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok25.html

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok22.html

XIOC detected URL: https://passlok.site44.com/archive/passlok22.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok22.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok22.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok22.html

XIOC detected URL: https://passlok.com/archive/passlok22.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=_zsCzbZc3uU

XIOC detected URL: https://www.youtube.com/watch?v=_zsCzbZc3uU

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok23.html

XIOC detected URL: https://passlok.site44.com/archive/passlok23.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok23.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok23.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok23.html

XIOC detected URL: https://passlok.com/archive/passlok23.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok20.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok20.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok20.html

XIOC detected URL: https://passlok.com/archive/passlok20.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=kK1d8WrCMMY

XIOC detected URL: https://www.youtube.com/watch?v=kK1d8WrCMMY

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok21.html

XIOC detected URL: https://passlok.site44.com/archive/passlok21.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok21.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok21.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok21.html

XIOC detected URL: https://passlok.com/archive/passlok21.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=u2aHUycmgWQ

XIOC detected URL: https://www.youtube.com/watch?v=u2aHUycmgWQ

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok16.html

XIOC detected URL: https://passlok.com/archive/passlok16.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=yhGs76QReRM

XIOC detected URL: https://www.youtube.com/watch?v=yhGs76QReRM

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok17.html

XIOC detected URL: https://passlok.site44.com/archive/passlok17.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok17.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok17.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok17.html

XIOC detected URL: https://passlok.com/archive/passlok17.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=6Nqn5u2mg2w

XIOC detected URL: https://www.youtube.com/watch?v=6Nqn5u2mg2w

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok20.html

XIOC detected URL: https://passlok.site44.com/archive/passlok20.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=YQIDRKE_wbI

XIOC detected URL: https://www.youtube.com/watch?v=YQIDRKE_wbI

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok15.html

XIOC detected URL: https://passlok.site44.com/archive/passlok15.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok15.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok15.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok15.html

XIOC detected URL: https://passlok.com/archive/passlok15.html

extracted_from_files

URL
detected URL: https://www.youtube.com/watch?v=Z5e9TVGMMsE

XIOC detected URL: https://www.youtube.com/watch?v=Z5e9TVGMMsE

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok16.html

XIOC detected URL: https://passlok.site44.com/archive/passlok16.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok16.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok16.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok12.html

XIOC detected URL: https://passlok.com/archive/passlok12.html

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok13.html

XIOC detected URL: https://passlok.site44.com/archive/passlok13.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok13.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok13.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok13.html

XIOC detected URL: https://passlok.com/archive/passlok13.html

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok14.html

XIOC detected URL: https://passlok.site44.com/archive/passlok14.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok14.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok14.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok14.html

XIOC detected URL: https://passlok.com/archive/passlok14.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok10.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok10.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok10.html

XIOC detected URL: https://passlok.com/archive/passlok10.html

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok11.html

XIOC detected URL: https://passlok.site44.com/archive/passlok11.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok11.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok11.html

extracted_from_files

URL
detected URL: https://passlok.com/archive/passlok11.html

XIOC detected URL: https://passlok.com/archive/passlok11.html

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok12.html

XIOC detected URL: https://passlok.site44.com/archive/passlok12.html

extracted_from_files

URL
detected URL: https://www.autistici.org/passlok/archive/passlok12.html

XIOC detected URL: https://www.autistici.org/passlok/archive/passlok12.html

extracted_from_files

URL
detected URL: https://passlok.com/learn'

XIOC detected URL: https://passlok.com/learn'

extracted_from_files

URL
detected URL: https://github.com/fruiz500/passlok-stego

XIOC detected URL: https://github.com/fruiz500/passlok-stego

extracted_from_files

URL
detected URL: https://github.com/first20hours/google-10000-english.

XIOC detected URL: https://github.com/first20hours/google-10000-english.

extracted_from_files

URL
detected URL: https://xato.net/passwords/more-top-worst-passwords,

XIOC detected URL: https://xato.net/passwords/more-top-worst-passwords,

extracted_from_files

URL
detected URL: https://passlok.com/chat/chat.html#

XIOC detected URL: https://passlok.com/chat/chat.html#

extracted_from_files

URL
detected URL: https://ourcodeworld.com/articles/read/1438/how-to-read-multiple-files-at-once-using-the-filereader-class-in-javascript

XIOC detected URL: https://ourcodeworld.com/articles/read/1438/how-to-read-multiple-files-at-once-using-the-filereader-class-in-javascript

extracted_from_files

URL
detected URL: https://passlok.site44.com/archive/passlok10.html

XIOC detected URL: https://passlok.site44.com/archive/passlok10.html

extracted_from_files

URL
detected URL: https://passlok.com/chat/chat.html#'

XIOC detected URL: https://passlok.com/chat/chat.html#'

extracted_from_files

URL
detected URL: https://passlok.com/app#PL24inv==

XIOC detected URL: https://passlok.com/app#PL24inv==

extracted_from_files

URL
detected URL: https://passlok.com/app'

XIOC detected URL: https://passlok.com/app'

extracted_from_files

URL
detected URL: https://passlok.com/app#

XIOC detected URL: https://passlok.com/app#

extracted_from_files

URL
detected URL: https://passlok.com/app/index.html

XIOC detected URL: https://passlok.com/app/index.html

extracted_from_files

URL
detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,

XIOC detected URL: http://snippetrepo.com/snippets/bignum-base-conversion,

extracted_from_files

URL
detected URL: https://github.com/owencm/js-steg

XIOC detected URL: https://github.com/owencm/js-steg

extracted_from_files

URL
detected URL: http://jscolor.com

XIOC detected URL: http://jscolor.com

extracted_from_files

URL
detected URL: http://odvarko.cz

XIOC detected URL: http://odvarko.cz

extracted_from_files

URL
detected URL: http://www.gnu.org/copyleft/lesser.html

XIOC detected URL: http://www.gnu.org/copyleft/lesser.html

extracted_from_files

URL
detected URL: http://burtleburtle.net/bob/rand/isaacafa.html

XIOC detected URL: http://burtleburtle.net/bob/rand/isaacafa.html

extracted_from_files

URL
detected URL: http://burtleburtle.net/bob/rand/isaac.html

XIOC detected URL: http://burtleburtle.net/bob/rand/isaac.html

extracted_from_files

URL
detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,

XIOC detected URL: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder,

extracted_from_files

URL
detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)

XIOC detected URL: http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)

extracted_from_files

URL
detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType

XIOC detected URL: https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType

extracted_from_files

URL
detected URL: https://github.com/floodyberry/poly1305-donna

XIOC detected URL: https://github.com/floodyberry/poly1305-donna

extracted_from_files

URL
detected URL: http://tweetnacl.cr.yp.to/

XIOC detected URL: http://tweetnacl.cr.yp.to/

extracted_from_files

URL
detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html

XIOC detected URL: http://pieroxy.net/blog/pages/lz-string/testing.html

extracted_from_files

URL
detected URL: http://www.wtfpl.net/

XIOC detected URL: http://www.wtfpl.net/

extracted_from_files

URL
detected URL: http://www.apache.org/licenses/LICENSE-2.0

XIOC detected URL: http://www.apache.org/licenses/LICENSE-2.0

extracted_from_files

URL
detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible

XIOC detected URL: https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible

extracted_from_files

URL
detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)

XIOC detected URL: https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)

extracted_from_files

URL
detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)

XIOC detected URL: https://www.w3.org/TR/xhtml1/normative.html#strict)

extracted_from_files

URL
detected URL: http://www.w3.org/1999/xhtml';

XIOC detected URL: http://www.w3.org/1999/xhtml';

extracted_from_files

URL
detected URL: http://www.w3.org/2000/svg';

XIOC detected URL: http://www.w3.org/2000/svg';

extracted_from_files

URL
detected URL: http://www.w3.org/1998/Math/MathML';

XIOC detected URL: http://www.w3.org/1998/Math/MathML';

extracted_from_files

URL
detected URL: http://jindo.dev.naver.com/collie

XIOC detected URL: http://jindo.dev.naver.com/collie

extracted_from_files

URL
detected URL: http://code.google.com/p/android/issues/detail?id=5141

XIOC detected URL: http://code.google.com/p/android/issues/detail?id=5141

extracted_from_files

URL
detected URL: http://www.denso-wave.com/qrcode/faqpatent-e.html

XIOC detected URL: http://www.denso-wave.com/qrcode/faqpatent-e.html

extracted_from_files

URL
detected URL: http://www.opensource.org/licenses/mit-license.php

XIOC detected URL: http://www.opensource.org/licenses/mit-license.php

extracted_from_files

URL
detected URL: http://www.d-project.com/

XIOC detected URL: http://www.d-project.com/

extracted_from_files

URL
detected URL: https://github.com/sindresorhus/validate-element-name

XIOC detected URL: https://github.com/sindresorhus/validate-element-name

extracted_from_files

URL
detected URL: http://www.w3.org/TR/xml/#d0e804)

XIOC detected URL: http://www.w3.org/TR/xml/#d0e804)

extracted_from_files

URL
detected URL: https://clients2.google.com/service/update2/crx

XIOC detected URL: https://clients2.google.com/service/update2/crx

extracted_from_files

URL
detected URL: https://github.com/dchest/scrypt-async-js

XIOC detected URL: https://github.com/dchest/scrypt-async-js

extracted_from_files

URL
detected URL: http://map.naver.com

XIOC detected URL: http://map.naver.com

extracted_from_files

Domain
detected Domain: passlok.weebly.com

XIOC detected Domain: passlok.weebly.com

extracted_from_files

URL
detected URL: http://naver.com

XIOC detected URL: http://naver.com

extracted_from_files

Security Analysis Summary

Security Analysis Overview

PassLok Privacy is a Chrome Web Store extension published by [email protected]. Version 2.6.2 has been analyzed by the Risky Plugins security platform, receiving a risk score of 51.1/100 (MEDIUM risk) based on 361 security findings.

Risk Assessment

This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.

Findings Breakdown

  • High: 54 finding(s)
  • Medium: 307 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

PassLok Privacy is published by [email protected] on the Chrome Web Store marketplace. The extension has approximately 637 users.

Recommendation

Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

PassLok Universal

[email protected]

CRITICAL 77 users

PassLok for Email

[email protected]

CRITICAL 411 users

KyberLock

[email protected]

HIGH 9 users

PassLok Image Steganography

[email protected]

HIGH 638 users

SeeOnce Privacy

[email protected]

HIGH 28 users

SynthPass

[email protected]

HIGH 41 users