What happened? Researchers have discovered 28 browser extensions for both Chrome and Edge that contain malicious code. The plugins, listed at the bottom of the page, are believed to have been installed by more than three million people.
Cybersecurity giant Avast analyzed the extensions last month after the threat was identified by Czech researchers at CZ.NIC, noting that some of them have been active since at least December 2018. They perform a number of harmful activities, including redirecting users. to ads and phishing sites, collecting personal data and browsing history, and downloading other malware to the host device.
Avast says (via ZDNet) that the main goal of the campaign was to hijack users’ traffic for monetary gain. Each time one of the extensions redirected a user to a third-party domain, cybercriminals would receive a payment. Given the number of installations, it was probably a profitable payday for the perpetrators.
“Our hypothesis is that either the extensions were deliberately created with the embedded malware, or the author waited for the extensions to become popular and then pushed an update containing the malware,” said Avast researcher Jan Rubin. “The author may also sell the original extensions to someone else after creating them, and then his client may have introduced the malware afterwards.”
Avast reported the extensions to Google and Microsoft, both of which were conducting investigations.
These are the 15 Chrome and 13 Edge extensions that contain malicious code. If you use any, we recommend that you remove them now.
Malicious Chrome extensions with Avast code:
- Direct message to Instagram
- DM for Instagram
- Invisible mode for direct Instagram message
- Downloader for Instagram
- Phone app for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Zoomer for Instagram and FaceBook
- VK Unlock. It works fast.
- Odnoklassniki UnBlock. It works fast.
- Upload the photo to Instagram ™
- Spotify Music Downloader
- New York Times News
Malicious Edge Extensions with Malicious Code:
- Direct message to Instagram
- Instagram Download videos and images
- Phone app for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Volume controller
- Stories for Instagram
- Upload the photo to Instagram ™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram application with direct message DM