Is "Matrix User Manager" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.4

Browser extension for Matrix/Synapse admins. Add servers, create users, manage accounts (lock/unlock/remove). All data stored locally, no tracking. Works with Tor and Mullvad Browser. Supports light/dark themes.

Risk Assessment

Analyzed
84.91
out of 100
HIGH

115 security findings detected across all analyzers

Chrome extension requesting 2 permissions

Severity Breakdown

0
Critical
0
High
64
Medium
51
Low
0
Info

Finding Categories

9
Network
54
IoC Indicators

YARA Rules Matched

7 rules(51 hits)
postinstall file manipulation postinstall network communication postinstall file download postinstall system command postinstall crypto operations SQLInjection postinstall environment access

Requested Permissions

2 permissions
tabs
Medium
storage
Low

About This Extension

Browser extension for Matrix/Synapse admins. Add servers, create users, manage accounts (lock/unlock/remove). All data stored locally, no tracking. Works with Tor and Mullvad Browser. Supports light/dark themes.

Detailed Findings

61 total

YARA Rule Matches

7 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs
4
IP Addresses
11
Domains
41
Strings
54

All Indicators · 54

Domain
detected Domain: 3.ky

XIOC detected Domain: 3.ky

extracted_from_files

IP
detected IP: 8::d

XIOC detected IP: 8::d

extracted_from_files

IP
detected IP: ::

XIOC detected IP: ::

extracted_from_files

URL
detected URL: http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia

XIOC detected URL: http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia

extracted_from_files

URL
detected URL: http://va.truepic.com/ejbca/publicweb/status/ocsp0

XIOC detected URL: http://va.truepic.com/ejbca/publicweb/status/ocsp0

extracted_from_files

URL
detected URL: https://$

XIOC detected URL: https://$

extracted_from_files

URL
detected URL: https://clients2.google.com/service/update2/crx

XIOC detected URL: https://clients2.google.com/service/update2/crx

extracted_from_files

Domain
detected Domain: s.id

XIOC detected Domain: s.id

extracted_from_files

Domain
detected Domain: window.location.search

XIOC detected Domain: window.location.search

extracted_from_files

Domain
detected Domain: user.name

XIOC detected Domain: user.name

extracted_from_files

Domain
detected Domain: data.next

XIOC detected Domain: data.next

extracted_from_files

Domain
detected Domain: clients2.google.com

XIOC detected Domain: clients2.google.com

extracted_from_files

Domain
detected Domain: server.id

XIOC detected Domain: server.id

extracted_from_files

IP
detected IP: ::0

XIOC detected IP: ::0

extracted_from_files

IP
detected IP: b::

XIOC detected IP: b::

extracted_from_files

Domain
detected Domain: bh.ls

XIOC detected Domain: bh.ls

extracted_from_files

Domain
detected Domain: evtޠ.bt

XIOC detected Domain: evtޠ.bt

extracted_from_files

Domain
detected Domain: u.cg

XIOC detected Domain: u.cg

extracted_from_files

Domain
detected Domain: data.media

XIOC detected Domain: data.media

extracted_from_files

Domain
detected Domain: m.media

XIOC detected Domain: m.media

extracted_from_files

Domain
detected Domain: result.media

XIOC detected Domain: result.media

extracted_from_files

Domain
detected Domain: w.fk

XIOC detected Domain: w.fk

extracted_from_files

Domain
detected Domain: 8.gu

XIOC detected Domain: 8.gu

extracted_from_files

Domain
detected Domain: j.ae

XIOC detected Domain: j.ae

extracted_from_files

Domain
detected Domain: fe.ke

XIOC detected Domain: fe.ke

extracted_from_files

Domain
detected Domain: o.am

XIOC detected Domain: o.am

extracted_from_files

Domain
detected Domain: kw.cc

XIOC detected Domain: kw.cc

extracted_from_files

Domain
detected Domain: 5h.ca

XIOC detected Domain: 5h.ca

extracted_from_files

Domain
detected Domain: 8.ba

XIOC detected Domain: 8.ba

extracted_from_files

Domain
detected Domain: ay.pk

XIOC detected Domain: ay.pk

extracted_from_files

Domain
detected Domain: bn.ht

XIOC detected Domain: bn.ht

extracted_from_files

Domain
detected Domain: o4.dk

XIOC detected Domain: o4.dk

extracted_from_files

Domain
detected Domain: p.ps

XIOC detected Domain: p.ps

extracted_from_files

Domain
detected Domain: x.pm

XIOC detected Domain: x.pm

extracted_from_files

Domain
detected Domain: j.mu

XIOC detected Domain: j.mu

extracted_from_files

Domain
detected Domain: пример.ru

XIOC detected Domain: пример.ru

extracted_from_files

Domain
detected Domain: приклад.ua

XIOC detected Domain: приклад.ua

extracted_from_files

IP
detected Domain: cv.iptc.org

XIOC detected Domain: cv.iptc.org

extracted_from_files

Domain
detected Domain: c2pa.hash.data

XIOC detected Domain: c2pa.hash.data

extracted_from_files

Domain
detected Domain: va.truepic.com

XIOC detected Domain: va.truepic.com

extracted_from_files

Domain
detected Domain: x.ar

XIOC detected Domain: x.ar

extracted_from_files

Domain
detected Domain: 5bi.cn

XIOC detected Domain: 5bi.cn

extracted_from_files

IP
detected IP: ::7

XIOC detected IP: ::7

extracted_from_files

Domain
detected Domain: beispiel.de

XIOC detected Domain: beispiel.de

extracted_from_files

Domain
detected Domain: example.com

XIOC detected Domain: example.com

extracted_from_files

Domain
detected Domain: ejemplo.com

XIOC detected Domain: ejemplo.com

extracted_from_files

Domain
detected Domain: exemple.fr

XIOC detected Domain: exemple.fr

extracted_from_files

Domain
detected Domain: esempio.it

XIOC detected Domain: esempio.it

extracted_from_files

Domain
detected Domain: exemplo.com.br

XIOC detected Domain: exemplo.com.br

extracted_from_files

IP
detected IP: ::c

XIOC detected IP: ::c

extracted_from_files

IP
detected IP: 9::

XIOC detected IP: 9::

extracted_from_files

IP
detected IP: ::6

XIOC detected IP: ::6

extracted_from_files

IP
detected IP: 8::

XIOC detected IP: 8::

extracted_from_files

Domain
detected Domain: tab.id

XIOC detected Domain: tab.id

extracted_from_files

Security Analysis Summary

Security Analysis Overview

Matrix User Manager is a Chrome Web Store extension published by [email protected]. Version 1.4 has been analyzed by the Risky Plugins security platform, receiving a risk score of 84.91/100 (HIGH risk) based on 115 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

  • Medium: 64 finding(s)
  • Low: 51 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

Matrix User Manager is published by [email protected] on the Chrome Web Store marketplace.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

KPN Password Manager

[email protected]

CRITICAL

MAGgie - An AI Assistant

[email protected]

CRITICAL 1K users

Aintivirus Privacy and Wallet

[email protected]

CRITICAL 46 users

BugZap — Visual Bug Reporter

[email protected]

CRITICAL

FormGenieAI

[email protected]

CRITICAL

OmniChat

[email protected]

CRITICAL 58 users