« previous next »
Pages: [1]   Go Down

Author Topic: Cliqz Internet Privacy Browser- is it above board or middleware?  (Read 954 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Cliqz Internet Privacy Browser- is it above board or middleware?
« on: December 01, 2019, 02:07:12 PM »
Cliqz Internet is a privacy browser, developed by a firm in Germany, based on Mozilla firefox.
After an update, your old Cliqz data are kept separately on the desktop in a file,
and the old browser has been cleansed.

I search in this browser set to using Qwant search engine.
Qwant sometimes have you search with an additional 2FA captcha for authentication.
.
The browser can be downloaded here: -https://cliqz.com/en/

I run the browser using Ghostery, uBlockOrigin en uMatrix, retire.js and Temporary Container extensions.
Cliqz browser also has a so-called Forget Window.

The browser has the Cliqz control center,for anti-tracking, ad-blocking and Anti-Phishing.

The browser offers MyOffrz - a moz extension,
another way to pay debvelopers like Brave browser using a bitcoin developer credit system.

That works according to code found below.
Quote
<!DOCTYPE html>
<html lang="de">
<head>
    <meta charset="utf-8">
    <meta http-equiv="x-dns-prefetch-control" content="off">
    <title>Reward Box</title>
    <script src="../offers-cc/offers-cc.bundle.js"></script>
    <script type="text/javascript" src="../vendor/react.js"></script>
    <script type="text/javascript" src="../vendor/react-dom.js"></script>
    <script src="../offers-cc/offers-cc-after.bundle.js"></script>
    <link rel="stylesheet" href="styles/styles.css">

    <script type="text/javascript" src="../core/setup-content.js"></script>
</head>
<body>
  <div id="cliqz-offers-cc"></div>
</body>
</html>

The browser looks like Brave browser did,  before that browser switched to become a chromium based clone.
So Brave also has all extensions, flaws and other core-business restricties, you meet using Google Chrome and chromium.

I do not use the MyOffrz middleware

But now I found an alert on the Cliqz installer, I want to report this here, two engines flag, one of them being CrowdStrike.

See: https://maltiverse.com/sample/9263b5a5045dc22c4c754b35d85037002933d28ed14401c24b1486e5b80ddd9d

Also : https://metadefender.opswat.com/results#!/file/62A7E747D4B14A0D35AB85F647466FA6/hash/overview
Detections date from March, this year.

But as the detection is generic and from an unknown av vendor, it most likely is an FP.

Still as our German users may have it, where firefox has a 40% proliferation (or Dutch like little old me) ,
I just wanted to report it.

I have run the browser with Nir Sofer Sniffer and Wireshark running under it,
and I see neither weird requests nor anythingh out of the ordinairy.

Also AV and  MBAM do not alert the updater: https://www.virustotal.com/gui/file/6be9a6214d79c33ba65dd629d1973722716a0860456719c5414a35f662e70c04/detection

Also nothing comes up here: https://www.virustotal.com/gui/url/91739ab8e42e0586a8505de5f5adc3e9e988477b1c4a712f10dbb2b30073a5d2/detection voor proxy81.cliqz.foxyproxy.com

Here also nothing to be found: https://www.virustotal.com/gui/domain/ns-1119.awsdns-11.org/relations

Is this Cliqz browser free of malcode (so called middleware)?

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »