Up to 3 million devices infected by Chrome and Edge add-ons with malware | GeekComparison


As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to advertising or phishing sites, a security firm said Wednesday.

In all, researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware. The add-ons billed themselves as a way to download photos, videos, or other content from sites like Facebook, Instagram, Vimeo, and Spotify. At the time this post went live, some, but not all, malicious extensions remained available for download from Google and Microsoft.

Avast researchers found malicious code in the JavaScript-based extensions that allows them to download further malware onto an infected computer. In a post, the researchers wrote:

Users have also reported that these extensions manipulate their Internet experience and redirect them to other websites. Each time a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before redirecting them later to the actual website they wanted to visit. User privacy is compromised by this procedure, as a log of all clicks is sent to these third-party intermediate websites. The actors also exfiltrate and collect the user’s dates of birth, email addresses and device information, including first logon time, last logon time, device name, operating system, browser used and its version, even IP addresses (which can be used to track the approximate geographic location history of the user).

The researchers don’t yet know if the extensions came with pre-installed malicious code or if the developers waited until the extensions reached a critical mass of users and only then pushed a malicious update. It is also possible that legitimate developers created the add-ons and then unknowingly sold them to someone who intended to use them maliciously.

A recurring problem

In recent years, third-party add-ons have become a common means of infecting people with malware and adware. Last year, a researcher discovered Chrome and Firefox extensions that collected and published the browsing history of an estimated 4 million people.

The data revealed proprietary information from some of the biggest names in technology, including Tesla, Trend Micro, Symantec and Blue Origin. Individuals’ tax returns, doctor’s appointment schedules, and other personal information were also made public.

In at least one case of extension tampering, malicious code was inserted into extensions after attackers gained access to the accounts of legitimate developers. In other cases, the extensions were published by developers who managed to bypass checking processes used by browser makers in an attempt to block abusive or malicious add-ons.

Google and Microsoft did not immediately respond to an email asking whether the companies planned to remove the extensions reported by Avast.

The apps reported by Avast are:

  • Direct message for Instagram
  • Direct message for Instagram
  • DM for Instagram
  • Invisible Mode for Instagram Direct Message
  • Download program for Instagram
  • Instagram Download video and image
  • App Phone for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal video downloader
  • Universal video downloader
  • Video downloader for FaceBook
  • Video downloader for FaceBook
  • Vimeo video downloader
  • Vimeo video downloader
  • Volume control
  • Zoomer for Instagram and Facebook
  • UK Unblock. Works fast.
  • Odnoklassniki Unblock. Works fast.
  • Upload photo to Instagram
  • Spotify music downloader
  • Stories for Instagram
  • Upload photo to Instagram
  • Pretty Kitty, the pet cat
  • Video downloader for YouTube
  • SoundCloud music downloader
  • The news from the New York Times
  • Instagram app with Direct Message DM

The list Avast provides in its blog post includes links to download locations for both Chrome and Edge. Anyone who downloaded any of these add-ons should uninstall it immediately and run a virus scan.
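One way to check a browser profile for the add-ons named above, as an added example (not code from Avast or from this article). It assumes the usual on-disk layout `Extensions/<id>/<version>/manifest.json` and matches on display name only, so a hit on a generic name such as "Volume control" still needs a manual look.

```python
import json
import sys
from pathlib import Path

# Names from the article's list, duplicates collapsed; the article gives no extension IDs.
REPORTED = {n.casefold() for n in [
    "Direct message for Instagram", "DM for Instagram", "Volume control",
    "Invisible Mode for Instagram Direct Message", "Download program for Instagram",
    "Instagram Download video and image", "App Phone for Instagram",
    "Stories for Instagram", "Universal video downloader", "Vimeo video downloader",
    "Video downloader for FaceBook", "Zoomer for Instagram and Facebook",
    "UK Unblock. Works fast.", "Odnoklassniki Unblock. Works fast.",
    "Upload photo to Instagram", "Spotify music downloader", "Pretty Kitty, the pet cat",
    "Video downloader for YouTube", "SoundCloud music downloader",
    "The news from the New York Times", "Instagram app with Direct Message DM",
]}

def load_json(path):
    """Parse a JSON file, tolerating a UTF-8 BOM; return {} if unreadable or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}

def extension_name(version_dir):
    """Display name from manifest.json, resolving a __MSG_key__ placeholder via _locales."""
    manifest = load_json(version_dir / "manifest.json")
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(version_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():  # message keys are case-insensitive
            if key.casefold() == name[6:-2].casefold() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def find_reported(extensions_root):
    """Sorted (extension_id, name) pairs for installed extensions whose name is on the list."""
    hits = set()
    for manifest in Path(extensions_root).glob("*/*/manifest.json"):
        name = extension_name(manifest.parent).strip()
        if name.casefold() in REPORTED:
            hits.add((manifest.parent.parent.name, name))
    return sorted(hits)

if __name__ == "__main__":
    for root in sys.argv[1:]:  # one or more profile "Extensions" directories
        for ext_id, name in find_reported(root):
            print(f"{root}\t{ext_id}\t{name}")
```

Pass the profile's `Extensions` directory as the argument, for example `~/.config/google-chrome/Default/Extensions` for Chrome's default profile on Linux; Edge keeps the same layout under its own user-data directory.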
