28 Malicious Extensions Installed On Chrome Or Edge

Researchers identified malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions — affects 30 lakh users worldwide.

Browser Malicious Extensions:

28 malicious extensions identified, 15 were available for the Chrome web browser, while 13 were Edge extensions.

Importantly, Threat Intelligence researchers from cybersecurity firm Avast have identified malware, that has the functionality to:

collect personal data, such as birth dates, email addresses, and active devices
redirect user traffic to ads & redirect user traffic to phishing sites
download further malware onto a user’s device
collect browsing history

Despite the above malicious features, the primary objective of the code is to hijack user traffic for monetary gains, Avast researchers said.

“For every redirection to a third party domain, the cybercriminals would receive a payment,” the company said.

Firstly, the list of Chrome extensions that Avast identified as malicious:

Secondly, the List of Edge extensions containing malicious code:

Importantly, it is notified to both Google and Microsoft, and confirmed they are still investigating the extensions.

Security Recommendations:

Researcher at Avast, said they couldn’t identify if the extensions had been created with malicious code from the beginning or if the code was added via an update when each extension passed a level of popularity.

At this moment, the infected extensions are still available for download.

However, researchers recommended users to uninstall and remove the extensions from their browsers. Secondly, run antivirus software on the device.

In short, researchers believe that it could have been active for years without anyone noticing.