108

I am getting strange warning on almost all the websites since morning, including unanalytics.com.

Deceptive site warning

I am pretty much sure that it's a issue in google chrome only. The reason for being sure is, I am getting this on http://localhost too.

I want to know how can we remove this warning. is someone trying to steal the data?

Here are the Extension list I have installed

  • AdBlock
  • Better History
  • Copy All Urls
  • Google Dictionary (by Google)
  • Google Docs Offline
  • Google Translate
  • MakkhiChoose
  • Pushbullet
  • Tab Snooze
  • Tabbie

Google chrome version: Version 66.0.3359.139 (Official Build) (64-bit)

OS: Ubuntu 14.04

Giacomo1968
  • 55,001
Manthan Tripathi
  • 877
  • Can you try it in Incognito mode? Do you get the same error? What URL are you trying to access when you see this error? What do you see when you click on the "Details" button on the Warning? –  May 08 '18 at 11:27
  • 1
    Let me check. Basically the problem occurs when we open some page and keep that page idle for some mins by opening the new page. –  May 08 '18 at 11:29
  • @PrateekParanjpe: Following is what I am getting when I open the Details button

    Google Safe Browsing recently detected phishing on unanalytics.com. Phishing sites pretend to be other websites to trick you.

    You can report a detection problem or, if you understand the risks to your security, visit this unsafe site.

    But I am not opening the unanalytics.com, It happened on stackoverflow.com too.

     –  May 08 '18 at 11:31
  • 7
    Yeah I've been getting this intermittently. Turned off Better History and hasn't happened again yet. –  May 08 '18 at 11:43
  • Experiencing the same issue with same Chrome version on both Windows 7 and Mac OS X. – Frédéric May 08 '18 at 11:45
  • 1
    More details about the "malice" being spread via that domain -

    https://gist.github.com/DrewDennison/bf661461c88cdfe959810811b32676f1

     –  May 08 '18 at 11:50
  • Happened to me few months back. But was resolved after deleting browsing history and data since beginning. – Sandeep May 08 '18 at 12:08
  • I'm voting to close this question as off-topic because this question would be better suited for security.stackexchange.com – Tschallacka May 08 '18 at 12:41
  • Im not sure if this helps, but its possible they got "started" early https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl –  May 08 '18 at 13:25
  • Beware spyhunter seems to be targeting this with there product - I've asked about it here https://security.stackexchange.com/q/185557/8120 – KCD May 10 '18 at 06:31
  • FYI, "Enhanced History" (a substitute for "Better History") has just been withdrawn from the Chrome Web Store (don't know the details) – ptim Oct 16 '18 at 00:26

3 Answers3

122

I had the extension "Better History" installed also and have just removed it and tried visiting and browsing multiple sites without the warning appearing again.

I will comment again if it does but seems to be a quick fix.

87

Now I'm reading why Better History is no longer available in the Chrome Web Store:

Better History Chrome extension goes rogue, hijacks browsers and displays ads

A third-party Chrome extension, supposed to make management of your browsing history simpler, has been kicked out of the Chrome web store after users accused it of hijacking their browsing, fiddling with links and opening webpages displaying ads. [...]

Community
  • 1
lstulajter
  • 611
  • 22
    Yes, indeed it's not there anymore... Would be nice if Chrome warned users "The extension X has been removed from the web store due to Z motives"... I just removed it from my extensions. – brasofilo May 08 '18 at 22:34
  • @brasofilo i can still find it in the chrome web store – J_rite May 09 '18 at 10:43
  • 2
    @SEGod, yesterday I googled the extension and the results were going to a 404 Google page. I tried to search for the extension ID and same results. I searched within the Web Store right now and a similar named extension appears -it's not the same- Chrome Better History. Reviews there are accusing the extension of being rogue too... (edit) The Github repo cited on the article linked in the answer was removed. – brasofilo May 09 '18 at 19:38
  • 3
    Whats sad is that the original author ended up selling it (presumably because of financial issues), which caused the new changes by the new owner. Either he had this plugin that he cherished and continued to develop, and was forced to sell it for more important needs, or he just wanted to cash in on the plugin, not caring for the users. – Mercury Platinum May 10 '18 at 20:06
3

I added 'Unanalytics.com' to the 'My Filters' list in uBlock Origin to block it. This seems to have resolved the problem for me. This should work in any other ad-blocking plugin too, such as Adblock Plus.

Here is the rule text:

! ...for Google Unsafe Browsing meassage...
||unanalytics.com/*

UPDATE:

As mentioned in the comments attached below this solution, this is merely a bandage on the problem. The extension still exists and may or may not be malicious.

spinjector
  • 130
  • 5
  • This is at best a bandaid for the actual problem, which appears to be a malicious extension. If the extension is behaving badly now, it's likely to continue to do so in the future. By leaving it installed, you'll be open to attack again from whenever it changes to a different domain, until that domain generates enough negative attention to get blocked too. The proper fix is to dump Better History for something not attempting to spy on you. – Dan Is Fiddling By Firelight May 09 '18 at 17:16
  • This is all entirely true. After reading through the thread again, and seeing where someone mentioned another fork of the Better History extension, it seems the original has either purposely or inadvertently become a conduit for that Croatian domain. So...better to kill the one I have and install the new fork from the Chrome store. I've updated my solution to echo this comment. – spinjector May 09 '18 at 17:30