Researchers identified malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions, affecting 30 lakh users worldwide.
Malicious Browser Extensions:
Of the 28 malicious extensions identified, 15 were available for the Chrome web browser, while 13 were Edge extensions.
Threat Intelligence researchers from cybersecurity firm Avast found that the malware has the functionality to:
- collect personal data, such as birth dates, email addresses, and active devices
- redirect user traffic to ads and to phishing sites
- download further malware onto a user’s device
- collect browsing history
Despite the above malicious features, the primary objective of the code is to hijack user traffic for monetary gains, Avast researchers said.
“For every redirection to a third party domain, the cybercriminals would receive a payment,” the company said.
Firstly, the list of Chrome extensions that Avast identified as malicious:
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram™
- Spotify Music Downloader
- The New York Times News
Secondly, the list of Edge extensions containing malicious code:
- Direct Message for Instagram™
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Both Google and Microsoft have been notified, and both confirmed they are still investigating the extensions.
Security Recommendations:
Researchers at Avast said they couldn’t identify whether the extensions had been created with malicious code from the beginning or whether the code was added via an update once each extension passed a certain level of popularity.
At this moment, the infected extensions are still available for download.
However, researchers recommended that users uninstall and remove the extensions from their browsers, and then run antivirus software on the device.
In short, researchers believe that the malware could have been active for years without anyone noticing.