Security Error: Malcious browser extension

Hello, dear Brave team!
Today i’ve got scared because of this (Yandex add-on or some kind of malware)

This is Yandex Helper add-on or something, that looks like this.
I have logged into Yandex+ account, but i didn’t granted any access to my browser settings to /
Also, i don’t have “Savefrom” add-on(?), to which this script points.

But, my router (D-Link) have a software support for some of the Yandex services, without any list (at least in the instruction to it) of them.

Please, write what do i need to share with the Support Team to get any details of what it can be (f.e: html code of the page or the router security logs)

Does anything show up when you run a system virus scan? Additionally, how do you get this add-on to appear?

Malwarebytes get nothing. I think it’s some kind of Widevine add-on or it’s just injected in already installed extension in Brave.
Also, i’ve already verified - yes, it’s valid Yandex extension, nevertheless, i don’t want it to track what i’m doing on the internet.
If you want it to appear, you just need to log into Yandex account ( / ) with VIP privilegies (it’s called Yandex+ Account) and browse some of the Yandex Services after logging. Then you can close web-pages, which contains yandex sub-sites and try shopping on ebay/aliexpress/etc.
I can also suppose that this web add-on is hooking by advertising, which’s provided by Yandex, but i’m not sure.
Also - already looked into Router Logs and can’t find out anything about it, DNS Service IPs is the same as my provider admits.

Tried browsing on different browsers and devices - this anoyying thing appears only on web-pages, opened by that browser: Brave Browser on Windows Version 1.1.23 Chromium: 79.0.3945.88 (Official Build) (64-bit)
So, definitely it’s connected to the web-browsing app

Gone after disabling “MeddleMonkey” extension and clearing cache for sites with “yandex” in the domain(name).
Have an account which i can give to the Brave Team for testing (nothing very important stored in it).
Same problem happens with other extensions, which provides ability to load custom js into web-pages, but i can’t figure out detailed information on how it works, so, if it’s controlled on client-side, this is an actually security problem.
However, for now it’s just enough to mark “MeddleMonkey” as unsecure.
Please, provide me a contact info, which i can use to send my auth data (e-mail, or just PM on the community either)
If you need, i’ll also make a donation.

1 Like