diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
index 352e23e767b1101d46993d5977ff4040a962a5d5..17b1c58740824a7e75e85bb50fe3f592eed9b12e 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
@@ -107,7 +107,8 @@ class Chromium extends Extract {
 private static final String FAVICON_ARTIFACT_NAME = "TSK_FAVICON"; //NON-NLS
 private static final String LOCAL_STATE_ARTIFACT_NAME = "TSK_LOCAL_STATE"; //NON-NLS
 private static final String EXTENSIONS_ARTIFACT_NAME = "TSK_CHROME_EXTENSIONS"; //NON-NLS
-
+ private static final String MALICIOUS_EXTENSION_FOUND = "Malicious Extension Found - ";
+
 private Boolean databaseEncrypted = false;
 private Boolean fieldEncrypted = false;
@@ -616,6 +617,11 @@ private void getExtensions(String browser, String browserLocation, String userNa
 Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
 RecentActivityExtracterModuleFactory.getModuleName(), extension));
+ if (maliciousChromeExtensions.get(extension) != null) {
+ bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
+ RecentActivityExtracterModuleFactory.getModuleName(),
+ MALICIOUS_EXTENSION_FOUND + maliciousChromeExtensions.getOrDefault(extension, "No Source Identified")));
+ }
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME,
 RecentActivityExtracterModuleFactory.getModuleName(), extName));
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DESCRIPTION,
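Review bot: The new `MALICIOUS_EXTENSION_FOUND` constant in the hunk at line 107 is user-visible text (it is prepended to the TSK_COMMENT attribute added in the hunk at line 617), yet it is declared as a bare literal next to artifact-name constants that are internal identifiers marked `//NON-NLS`. If this module localizes display strings through a message bundle, as the NON-NLS markers on the neighbouring constants suggest, the label should be obtained from the bundle rather than hard-coded; if a fixed literal is intended, a short comment such as `// Prefix for the TSK_COMMENT attribute on extensions that match the bundled malicious-extension list` would at least document its role and distinguish it from the artifact type names above it.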
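Review bot: In the hunk at line 617 the `if` guard and the `getOrDefault` fallback test the same map entry, so the `"No Source Identified"` default can never be produced and the map is consulted twice; a single lookup reads more directly, e.g. `String source = maliciousChromeExtensions.get(extension);` then `if (source != null) {` and `MALICIOUS_EXTENSION_FOUND + source` in the attribute. Separately, the block removed in the hunk at line 643 created a TSK_INTERESTING_ITEM analysis result with `Score.SCORE_NOTABLE` for a matched extension, whereas the new side only attaches a comment to the extension artifact, so a hit against the bundled malicious-extension list presumably no longer produces a scored result that the analysis-result views would flag. If that downgrade is intended, a comment above the new `if`, such as `// Known-malicious extension: annotate the artifact instead of creating a separate notable result`, would make the decision deliberate. getExtensions starts before and ends after this hunk, and how maliciousChromeExtensions is populated is not visible here.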
@@ -637,26 +643,6 @@ private void getExtensions(String browser, String browserLocation, String userNa
 } catch (TskCoreException ex) {
 logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
 }
-
- if (maliciousChromeExtensions.get(extension) != null & art != null) {
- bbattributes = new ArrayList<>();
- bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
- RecentActivityExtracterModuleFactory.getModuleName(), extension));
- bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
- RecentActivityExtracterModuleFactory.getModuleName(),
- maliciousChromeExtensions.getOrDefault(extension, "No Source Identified")));
- try {
- bbartifacts.add(art.newAnalysisResult(
- BlackboardArtifact.Type.TSK_INTERESTING_ITEM, Score.SCORE_NOTABLE,
- null, "Malicious Chrome Extensions", null,
- bbattributes)
- .getAnalysisResult());
- } catch (TskCoreException ex) {
- logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
- }
-
- }
-
 }
 if (!context.dataSourceIngestIsCancelled()) {
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
index 401d8f5c5f7689c33d217cfb3815e76b7b36d065..6459ce134c259a489eb37718a5cca9ca53ce4137 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
@@ -334,5 +334,3 @@ flijfnhifgdcbhglkneplegafminjnhn,"https://www.mcafee.com/blogs/other-blogs/mcafe
 gbnahglfafmhaehbdmjedfhdmimjcbed,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
 mmnbenehknklpbendgmgngeaignppnbe,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
 pojgkmkfincpdkdgjepkmdekcahmckjp,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
-dgiklkfkllikcanfonkcabmbdfmgleag,"Test Extension"
-fogppepbgmgkpdkinbojbibkhoffpief,"Test 2 Extension"
\ No newline at end of file