'Ipasta' Chrome Extension by Whosopher.com

The 'Ipasta' Chrome Extension by Whosopher.com is a program that has many clones on the Internet, which are promoted via 'Add Extension' pop-up windows actively. Web surfers who click on links and are immediately shown a page in full-screen mode that directs them to add a particular browser extension are experiencing an attack with the 'Add Extension' pop-ups. The 'Ipasta' Chrome Extension by Whosopher.com is one of more than eighty browser extensions we have on record (at the time of writing) that are promoted through forced installations. The 'Ipasta' Chrome Extension is a type of program with adware and browser hijacking characteristics. The first samples of this new adware date back from November 2016 when users reported many pages loading in full-screen mode and receiving alerts that said they needed to add an extension to the browser if they want to proceed surfing the Web.

Google Inc. issued a delayed response due to the investigation that took place, and security researchers unveiled an extensive campaign that aimed to distribute adware-powered browser extensions. Almost a year later, we continue to observe emerging new versions of the same adware. At first, the 'Add Extension' pop-ups invited users to install extensions with bizarre names and no description. Soon after AV vendors and various complementary security developers began working to suppress the 'Add Extension' campaign, we found that new messages were shown to users and the clones of the 'Ipasta' Chrome Extension included a generic description and a screenshot of the main page at Chrome.google.com/webstore (the Google Chrome Web Store). One of the first domains to mark the change in the 'Add Extension' adware campaign was Chrome-38.site, and we have a detailed article you may be interested in reading. Since we covered Chrome-38.site at the beginning of May 2017, the company behind the 'Ipasta' Chrome Extension has been busy deploying many new versions and registering short-lived pages. These untrusted pages hosted a specially crafted JavaScript code, which may force your browser to stay on the page until you add a potentially threatening app to your Internet browser. Fortunately, cyber security vendors are keeping up with the release of new strains similar to the 'Ipasta' Chrome Extension by Whosopher.com, and you can remove potentially unsafe apps by running a complete system scan. Some of the latest (at the time of writing) clones of 'Ipasta' are the following extensions and their hosting pages:

• '3D Triforce' Chrome Extension by Pro.3dtriforce[.]top
• 'Bitcoins to live Chrome Extension by Erkan-ok[.]org
• 'Coefficient of Variation' Chrome Extension by Pro.variation[.]top
• 'Color mixer' Extension by Colormixer[.]me
• 'Dentesk' Chrome Extension by Teskden[.]pro
• 'Derey' Chrome Extension by Smumi[.]club
• 'EclecticButtons' Chrome Extension by Eclecticbuttons[.]com
• 'Edgydpower' Chrome Extension by Edgedpower[.]com
• 'Eng-Vi' Chrome Extension by 87421s2c4[.]trade
• 'Find Favorite' Chrome Extension by Los.gzldjj[.]com
• 'Finglish' Chrome Extension by 1365scc[.]trade
• 'GoIndicator' Chrome Extension by 1365scc[.]trade
• 'Ipasta' Chrome Extension by Whosopher[.]com
• 'June Web Companion' Chrome Extension by Sanogo[.]club
• 'Kickay' Chrome Extension by Kickay[.]com
• 'Magnitude' Chrome Extension by Fssysh[.]com
• 'MenaCel' Chrome Extension by Acmenel[.]pro
• MyCangKus' Chrome Extension by Plsdsc[.]com
• 'Omnibus Reis' Chrome Extension by S3.amazonaws[.]com
• 'Pick' Chrome Extension by Ismetofu[.]com
• 'Pixel Sorter' Chrome Extension by Pro.pixelsorter[.]top
• 'Player X' Chrome Extension by Teskden[.]pro
• 'Snituo22' Chrome Extension by Snitou[.]com
• 'Tank Runner' Chrome Extension by Zjsbsj[.]com
• 'Vannevar' Chrome Extension by Asusfix[.]win
• 'Web Search' Chrome Extension by Lpdespacito[.]com
• 'WebSnapper' Chrome Extension by Kmsdjc[.]ru