Is "Dehelper" on Firefox Add-ons Safe to Install?
德语助手——接入大语言模型的AI时代翻译工具,让翻译变得智能高效。这款功能强大的浏览器插件支持鼠标划词翻译、逐段对照翻译、视频双语字幕翻译以及PDF等主流格式文档翻译等多种实用功能,旨在为用户提供便捷的翻译体验。用户还可以自定义选择翻译引擎,调用欧路AI、DeepSeek等前沿大模型,快速获得精准的翻译结果。同时,插件与德语助手客户端同步学习记录,提供个性化的学习支持。 ==新版本改进== [25.9.1] - 新增 硅基流动和智谱AI大模型免费使用 - 新增 腾讯混元、豆包、Kimi等翻译模型 - 新增 支持在划词弹窗、侧栏中双击查词 - 优化 支持WhatsApp输入框翻译 - 优化 优化部分网站翻译效果 - 修复 段落翻译按快捷键无法切换回原文的问题 - 修复 高亮重点单词会重复段落翻译的问题 - 修复 海外地区用户可以选择谷歌翻译引擎 [25.8.1] - 新增 智谱GLM-4-Flash模型免费使用 - 新增 智能上下文翻译,段落翻译更精准 - 优化 划词弹窗和侧栏加入词库列表菜单 - 优化 翻译样式支持译文透明效果 - 优化 优化部分网站翻译效果 - 修复 深色模式翻译显示问题 [25.8.1] - 新增 智谱GLM-4-Flash模型免费使用 - 新增 智能上下文翻译,段落翻译更精准 - 优化 划词弹窗和侧栏加入词库列表菜单 - 优化 翻译样式支持译文透明效果 - 优化 优化部分网站翻译效果 - 修复 深色模式翻译显示问题 [25.7.0] - 新增 支持使用在手机APP中同步后的词库 - 新增 同传支持系统内录,实时翻译速度更快 - 修复 部分用户YouTube字幕丢失的问题 - 修复 深色主题查词显示问题 - 修复 查词无法显示笔记图片问题 [2.1.1] - 修复 双击查词失效的问题 - 修复 部分用户YouTube字幕丢失的问题 - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 [2.1.0] - 修复 部分用户YouTube字幕丢失的问题 - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 [2.0.9] - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 - 修复 部分用户YouTube字幕丢失的问题 [2.0.7] - 新增 支持生词本高亮忽略已掌握单词 - 改进 支持高亮单词右侧显示精简释义 - 改进 优化带HTML元素的文本翻译效果 - 改进 优化高亮单词简明解释窗口 - 改进 优化翻译时的内存占用 [2.0.4] - 新增 支持网页翻译后仅显示译文模式 - 新增 支持在单词释义弹窗中直接编辑笔记 - 新增 文档翻译支持直接导出 docx、pptx、xlsx 格式 - 新增 文档翻译支持自定义发音引擎朗读原文和译文 - 改进 优化 YouTube、X、arXiv 等网站翻译效果 - 改进 优化 YouTube 视频字幕断句问题 - 改进 修复重点单词高亮总会显示释义问题 [2.0.3] - 新增 支持网页翻译后仅显示译文模式 - 新增 支持在单词释义弹窗中直接编辑笔记 - 新增 文档翻译支持直接导出 docx、pptx、xlsx 格式 - 改进 优化YouTube、X、arXiv等网站翻译效果 - 改进 优化YouTube视频字幕断句问题 [2.0.1] - 新增 翻译引擎支持自定义第三方大语言模型 - 新增 支持添加DeepSeek V3作为翻译引擎 - 新增 全新PDF翻译引擎,支持对照阅读和沉浸式阅读 - 新增 文档翻译支持Epub、docx等多种格式 - 新增 支持在使用DeepSeek R1模型时,显示思考过程 - 新增 翻译功能支持调用本地Ollama大模型引擎 - 改进 改进网站翻译兼容问题 [2.0.0] - 新增 翻译引擎支持自定义第三方大语言模型 - 新增 支持添加DeepSeek V3作为翻译引擎 - 新增 全新PDF翻译引擎,支持对照阅读和沉浸式阅读 - 新增 文档翻译支持Epub、docx等多种格式 - 改进 改进网站翻译兼容问题 [1.4.0] - 支持自定义提示词风格 [1.3.1] - 支持更多第三方翻译模型 - 优化网站兼容问题 [1.3.0] - 支持最新 gpt-4o-mini 模型 [1.2.8] - 在手机上使用插件时,支持单击查词功能 [1.2.5] - 更新第三方翻译引擎 [1.2.2] - 新增 小牛翻译、GPT-4o、Deepseek等翻译引擎 - 新增 视频翻译可以区分网站单独开启或关闭 - 新增 重点单词支持自动发音 - 新增 PDF阅读支持划词翻译 [1.2.1] - AI语境整合到AI解释中 [1.1.9] - 划词搜索新增 「语境」,更好理解上下文(限时免费) [1.1.6] - 新增 PDF分屏翻译功能 - 新增 支持扫描格式PDF文件翻译 - 改进PDF文件阅读功能 - 允许自定义AI翻译引擎的地址 [1.1.5] - 新增 PDF分屏翻译功能 - 新增 支持扫描格式PDF文件翻译 [1.1.2] - 支持用户以生词本分组单词作为重点单词高亮 - Youtube字幕支持修改样式 字体大小等 [1.1.0] - 新增 单词查询框 - 新增 PDF页面支持划词搜索 - 新增 通过快捷键加入生词本 - 新增 Apple ID登录 - 新增 夜间模式 [1.0.7] - 新增YouTube字幕支持 - 支持自定义翻译快捷键 - 支持快速关闭段落翻译功能 - 支持划词图标 - 改进PDF翻译功能 - 支持默认生词本设置 ==插件主要功能介绍== 📰 网页翻译 - 一键快速翻译网页,双语逐段对照,轻松对比原文与译文; - 划选生词查看释义,配合AI语境分析,帮助精确理解单词; - 根据设置的词汇等级,高亮显示重点单词,助力词汇积累; - 支持翻译输入框内容,灵活设置目标语言、分割符及触发键。 🎞 视频字幕翻译 - 支持主流在线视频平台(如油管、B站等)自动生成双语字幕; - 选中字幕生词查看释义,配合AI语境分析,帮助精确理解单词。 📚 在线文本翻译 - 实时翻译,覆盖全球主要语言,助力无障碍跨语言交流; - 支持自定义术语库,匹配领域用词,更符合专业翻译要求。 📃 免费PDF文档翻译 - 采用沉浸式翻译排版,原文、译文对照呈现,方便阅读学术论文、技术手册等; - 可灵活设置译文字体、颜色等样式,打造专属的个性化阅读界面; - 支持一键导出双语对照翻译文档,方便后续的保存、分享和使用。 💡 翻译引擎&风格自定义 - 搭载数款前沿大模型引擎,可自行配置API KEY。深度理解复杂文本,重新定义智能翻译边界; - 内置丰富官方翻译风格(口语化、书面化、分段解析翻译等),支持自定义翻译风格提示词。
Risk Assessment
Pending0 security findings detected across all analyzers
Firefox extension requesting 9 permissions
No Threats Detected
This extension passed all security checks
About This Extension
No Findings
All security checks passed
AI Security Report
AI Security Analysis: Dehelper
Analysis generated: 2025-12-11T21:03:19+13:00
Model: gemini-3-pro-preview
Quick Facts
| Property | Value |
|---|---|
| UUID | 633677cb-07c3-571c-8d0b-6e1774477d4a |
| Type | firefox |
| Version | |
| Users | 73 |
| Risk Score | 100.0/100 (CRITICAL) |
| Malware Detected | ⚠️ Yes |
| Secrets Exposed | ✅ No |
| Critical Vulns | ✅ No |
AI Analysis
Executive Summary
Do not install or immediately remove this extension. The "Dehelper" extension presents a CRITICAL security risk (Risk Score: 100/100). The analysis detected multiple high-severity indicators suggesting the extension attempts to break out of the browser sandbox to modify the host operating system. Specifically, the code contains signatures for registry modification, system command execution, and persistence mechanisms—behaviors typical of malware or highly invasive "helper" applications, not standard browser extensions. The publisher is unverified, further reducing trust.
Threat Assessment
The security posture of this extension is extremely poor. The findings indicate that "Dehelper" is not merely a passive browser plugin but likely acts as a bridge to execute code on the underlying operating system.
- System Integrity Violation: The most alarming findings are the
postinstall_registry_modificationandpostinstall_system_commandsignatures. Browser extensions should operate within a strict sandbox. These findings suggest the extension is either bundling a native executable (Native Messaging Host) or utilizing exploits to modify Windows Registry keys and execute shell commands. - Persistence Mechanisms: The presence of
postinstall_persistence_mechanismindicates the software attempts to ensure it remains running or restarts automatically upon system reboot, a common trait of malware and spyware. - Obfuscation: The detection of
postinstall_obfuscationsuggests the developer has intentionally hidden the logic of these scripts, making manual auditing difficult and hiding potential malicious intent. - Unverified Origin: The developer "欧路软件" (likely referring to Eudic, a dictionary software company) is unverified in this context. This could be a legitimate but invasive tool from them, or a malicious impersonator repackaging their software with malware.
Risk Justification
The 100/100 Critical risk score is fully justified and potentially conservative given the specific nature of the findings:
- Sandbox Escape Indicators: Standard extensions do not trigger YARA rules for registry modification or system commands. This indicates a fundamental breach of the browser's security model.
- Malware-Like Behavior: The combination of persistence, obfuscation, and file manipulation matches the behavioral profile of Trojan downloaders or spyware.
- High Volume of IOCs: With over 4,600 findings, the codebase is riddled with suspicious patterns, far exceeding the norm for a utility extension.
- Zero Trust: The Trust Score is 0/100, and the publisher is unverified, providing no identity assurance to counterbalance the technical risks.
Key Findings
- Registry Modification (
postinstall_registry_modification): The code contains instructions to alter the Windows Registry. This is often used to change system settings, disable security features, or establish persistence. - System Command Execution (
postinstall_system_command): The extension contains capabilities to run commands directly on the host OS shell, posing a risk of arbitrary code execution. - Persistence Mechanisms (
postinstall_persistence_mechanism): Evidence that the software attempts to install startup items or services to ensure it runs continuously without user initiation. - File Manipulation & Downloads (
postinstall_file_manipulation,postinstall_file_download): The extension appears capable of downloading and modifying files on the local disk, potentially dropping additional payloads. - Obfuscation (
postinstall_obfuscation): Critical logic within the extension is obscured, preventing easy analysis of exactly what commands are being executed.
Recommendations
- Immediate Removal: Uninstall the "Dehelper" extension from Firefox immediately.
- System Scan: Run a full endpoint protection/antivirus scan on the host machine. The findings suggest this extension may have dropped files or modified system settings outside the browser.
- Check Startup Items: Inspect the operating system's startup items (Task Manager > Startup on Windows, or Login Items on macOS) for suspicious entries related to "Dehelper" or "Eudic."
- Credential Rotation: Although "Exposed Secrets" was false, the high level of system access implies a risk of keylogging or data exfiltration. Rotate passwords for sensitive accounts accessed while this extension was active.
- Block at Network Level: If this is an enterprise environment, block the extension UUID (
633677cb-07c3-571c-8d0b-6e1774477d4a) via group policy.
Mitigation Strategies
There is no safe way to use this extension in its current state.
- If this tool is absolutely required for business operations: The organization must contact the vendor ("欧路软件") to obtain a verified, signed version of the software and a technical explanation for why the extension requires registry access and system command capabilities.
- Isolation: If it must be analyzed or used, it should only be installed in a disposable, non-persistent Virtual Machine (VM) with no access to production networks or sensitive data.
Confidence Assessment
Confidence Level: 80%
- Supporting Factors: The YARA rules triggered are specific and high-fidelity (
postinstallrules are rarely triggered by benign browser-only code). The combination of specific behaviors (Registry + Network + Persistence) creates a strong fingerprint. - Limiting Factors: The analysis notes "unknown_file" for the location of these matches. It is possible these findings come from a bundled binary (helper app) rather than the JavaScript itself. While this is still a security risk, it distinguishes between "the extension is malware" and "the extension installs invasive software." Regardless, the risk to the user remains Critical.
Disclaimer
This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace