YouTube Unblocker for Firefox installed malware

Posted on Friday, Mar 04 2016 @ 15:22 CET by Thomas De Maesschalck
Firefox logo
Mozilla announced it has banned YouTube Unblocker, a popular extension that provided a proxy connection to let users view YouTube clips with a geographic restriction, because the add-on tampered with Firefox security preferences and installed a piece of malware named Adblock Converter. The browser maker added YouTube Unblocker to its blocklist, which means it will also be automatically removed from Firefox.

The issue was brought to light by a user via the Bugzilla bulletins:
I installed the add-on "YouTube Unblocker" version 0.6.20 from AMO. Immediately after installing my antivirus software (Avast) warned me of a blocked download from a third-party website associated with neither Mozilla nor the add-on. The download was another add-on which Avast categorized as malware.

Looking at the code of the add-on "YouTube Unblocker", I found the responsible code in the file esourcesunblocker-apilibutils.js following line 138. The function updateConfigFile() downloads files from a web server and places them onto the hard drive of the user. It checks for a "whitelist", so that - seemingly - no other files can be overwritten. The actual file list to update comes as response from the server and is therefor not part of the add-on. The configuration I got from the server is in the attachement response.json (captured with Wireshark).
Just to be on the safe side, Ghacks provides detailed removal instructions over here. A list of alternative YouTube unblockers can be found over here.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments