The admin of the NeoBux forums published a very detailed analysis about the extension from this site AdFiver. Here are the problems in a Nutshell:
- It gets permission to access every single website. (it can inject its code in “
http://*/*” and “https://*/*“, so, every single site that you visit, secure or not secure) - It retrieves the code to be executed by the extension every 24 hours from AdFiver. They can modify what the extension does, then the extension will automatically get the changes and begin executing that new code in your browser.
- Whenever you login into NeoBux, the extension will send your login details to their server 60 seconds after you log in.
The analysis covers this related to NeoBux of course, but it can literally do it to every single website that you visit. By having the extension, you are allowing AdFiver to inject code to every single website that you visit, and it can change the code on it at any point they want.
Here is the Detailed Analysis of the AdFiver extension if you want to see the ugly details.
And the recomendation is: Remove the extension at once, and change your passwords.