08 November 2017 Engineering

Sense Chrome plugin malware issue

By Josh Bressers

Elastic has recently been made aware that the Chrome webstore has marked the Sense browser plugin as malware. The plugin in question is not published by, or affiliated with, Elastic.

A long time ago Elastic wrote a plugin called Sense. Sense was the first version of what we now call the Kibana Console UI. The idea is that when curl is just too complicated you can interact with JSON using this tool. It gave developers the ability to easily write, debug, and modify the JSON being sent to Elasticsearch. The project was rather useful and used by many.

As many successful open source projects go, Sense evolved and became part of something bigger than itself. Sense was added to Kibana version 4 as a plugin. In Kibana version 5 we renamed Sense to Console and now include it with every copy of Kibana installed. It proved to be such a useful tool that we wanted everyone to have easy access to it.

When we decided to stop supporting the initial version of Sense, the project was forked. In fact, the project is still on GitHub. Anyone is welcome to fork the code and work on a project of their own. This is how open source works: the ability to fork a project or maintain your own version is incredible. Sometimes, though, things don’t work out the way we’d like them to.

We were made aware recently that the Google Chrome webstore has flagged a forked version of the Sense plugin as malware.

We have a copy of this plugin. We looked at the contents and scanned it using VirusTotal, and nothing obviously wrong stands out. That, however, doesn’t always mean it’s “safe”. It just means VirusTotal didn’t find anything wrong with it. Google has a pretty good track record with things like this, so it’s likely there was something wrong with that plugin, though it’s probably not a virus. Sometimes they flag things that are using extremely old and insecure libraries, or even plugins that are doing something suspicious. Regardless, if you were using this plugin, you’d be wise to scan your system for possible problems. Chrome will automatically remove plugins from a running system that it believes contain malware. Even if you have a copy of this plugin and try to install it, Chrome will remove it eventually.

If you were using the Sense Chrome plugin we encourage you to use the Console feature in Kibana. It has similar functionality and is part of a well maintained and actively developed project.

There is a lesson here for everyone about software pedigree. Before installing things you find on the Internet, even through the Chrome store, you should note where they came from. Elastic was not the publisher of this particular plugin. There is a lot of dodgy software out there; some of it is bad on purpose, but most is accidentally bad. Elastic takes issues like this very seriously. We have teams of people who help us watch for problems like this and prevent them from happening in our products and services. There is a saying: “software ages like milk, not like wine”. Old software can also be risky software.
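
One way to act on the advice about noting where software came from is to inventory the extensions in a Chrome profile and read what each manifest declares. The Python below is an added example, not code from Elastic or from the plugin; it assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`, and the extension IDs and manifest values in the sample are constructed.

```python
import json
import tempfile
from pathlib import Path

def inventory_extensions(extensions_dir, name_filter=None):
    """List extensions under a Chrome profile's Extensions directory.
    Assumed layout: <extension id>/<version>/manifest.json."""
    records = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        name = str(manifest.get("name", ""))
        # Localized names appear as __MSG_key__ placeholders; a name filter
        # cannot judge them, so they are always kept for manual review.
        placeholder = name.startswith("__MSG_")
        if name_filter and not placeholder and name_filter.lower() not in name.lower():
            continue
        records.append({
            "id": path.parent.parent.name,
            "name": name,
            "version": manifest.get("version"),
            "author": manifest.get("author"),          # self-declared, not verified
            "update_url": manifest.get("update_url"),  # where updates are fetched
            "permissions": manifest.get("permissions", []),
            "needs_manual_review": placeholder,
        })
    return records

def build_sample_profile(root):
    """Write constructed manifests (IDs and values are made up for the demo)."""
    samples = {
        "a" * 32: {"name": "Sense (fork)", "version": "0.9.0",
                   "permissions": ["<all_urls>"]},
        "b" * 32: {"name": "__MSG_appName__", "version": "2.1"},
        "c" * 32: {"name": "Unrelated Notes", "version": "1.0", "author": "Example"},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / manifest["version"]
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    (Path(root) / ("d" * 32) / "1.0").mkdir(parents=True)
    (Path(root) / ("d" * 32) / "1.0" / "manifest.json").write_text("{not json")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for record in inventory_extensions(build_sample_profile(tmp), "sense"):
            print(record)
```

Point `inventory_extensions` at the `Extensions` folder inside your Chrome profile directory. The `author` field is whatever the extension declares about itself, so compare it against the publisher shown in the store listing.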