Chrome-38.site
The Chrome-38.site is not part of the Google network of services and products, but it has a lot to do with the security in the Google Chrome browser. The Chrome-38.site is known to host messages that we have seen with the 'Add Extension to Leave' Pop-ups. The original 'Add Extension to Leave' relies on users clicking on a simple dialog box and adding an adware-powered extension to their Internet client. However, the appearance of Chrome-38.site at the end of April 2017 marks a shift in how the bad extensions are promoted to users. The pages hosted on the Chrome-38.site domain include screenshots from the promotional platform for Chrome OS and the Chromebooks by Google. Additionally, the pop-up messages are displayed in a thee-stage scenario, which is intended to convince the user to add the promoted software to the browser.
Table of Contents
Stage 1: The Discovery of the Extension
The Web surfer clicks on an interesting ad, and the underlying page initiates a redirect to Chrome-38.site and clones hosted on other domains. Content creators may wish to monetize their work with advertisers to deliver promotional materials and claim pay-per-visit and pay-per-click revenue, which is a perfectly legal practice. However, there are content creators who rent space on their site without doing a background check and allow messages from untrusted providers to be made available on your screen. You click on links/ads, and you get redirected to sites like Chrome-38.site where you may be presented with the following pop-up notification:
'To continue working with your browser, you should install the extension!
Stage 2: The Presentation of the Extension
As mentioned above, the apps associated with the 'Add Extension to Leave' notifications may not be legitimate programs. When the user loads Chrome-38.site a suggestion is made by using images that are created by Google. Web surfers may think that Chrome-38.site offers an update to Google Chrome and proceed to install the unnamed extension. Users are not provided with a name for the extension and relevant information except for the following text:
'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
Stage 3: The Full-Screen Invitation
The dialog box under the 'To continue working with your browser, you should install the extension!' notification includes a button that says 'OK.' If you click the button, a script on the page instructs your browser to dim the background and load a new pop-up in full-screen mode. The new dialog box from Chrome-38.site on your may include the string "Weightlifting Male Deadlift Standards" and suggest you install the promoted extension. The pop-up may say:
'Add "Weightlifting Male Deadlift Standards"?
View details
It can:
Read and change all your data on the websites you visit.
Add Extension Cancel'
Experts note that the name of the app may not be the same and the three-stage presentation has been observed in numerous clones of Chrome-38.site. Computer users that are presented with the advanced 'Add Extension to Leave' pop-ups should not trust the messages on the underlying page. Google Inc. does not deliver security updates and recommended apps via sites like Chrome-38.site. Adware developers may rely on misleading images and the 'Add Extension to Leave' pop-ups to lure users into granting access to their Internet history, downloads log and bookmarks. The data may be collected by fake extensions like "Weightlifting Male Deadlift Standards" from Chrome-38.site and sent to the servers of marketers. The programmers associated with Chrome-38.site may profit from selling the data and advertisements pushed to your desktop. You should use an anti-malware suite to purge riskware and adware-powered extensions safely. We strive to update a list of the domains connected to the 'Add Extension to Leave' campaign that you can find below:
- Barbereb[.]xyz
- Calculatorfree[.]pro — 'Calculator'
- Chrome-38[.]site — 'Weightlifting Male Deadlift Standards'
- Chrome.browser-add-ons[.]review — 'Photo Explorer'
- Circle-hov[.]pro — 'Circle hover effect'
- Cookingrecepies[.]faith — 'PrctSeek'
- D2s4s9[.]ru
- D8m54h[.]ru
- Divertingly[.]pw — 'Country Music Tab Extension'
F797cf[.]ru - Growupdtes[.]club — 'HeaPoters'
- Happyrows[.]pro — 'Happy rows'
- Likesong[.]win — 'News'
- Lovetest[.]pro — 'Love Test'
- Mybrowserupdate[.]club
- Oldfo[.]info — 'Oiejd Media'
- Reefsearch[.]bid — 'Reefsearch'
- Sa3r32831[.]ru
- Shushis[.]club
- Simsudoku[.]pro — 'Simples Sudoku'
- Smasherup[.]club — 'Papulrcos'
- Smotrivglub[.]webcam
- Sultrily[.]club — 'Roman Catholic Saints'
- Twattle[.]club
- Vidjovij[.]world
- Warehouse93op[.]xyz — 'FriendlyPrint'
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.