Researchers identify 28 malicious Chrome and Edge extensions with millions of users

midian182

Staff member
What just happened? Researchers have discovered 28 browser extensions for both Chrome and Edge that contain malicious code. The plug-ins, listed at the bottom of the page, are believed to have been installed by more than three million people.

Cybersecurity giant Avast analyzed the extensions last month after the threat was identified by Czech researchers at CZ.NIC, noting that some of them have been active since at least December 2018. They perform a range of malicious activities, including redirecting users to ads and phishing sites, collecting personal data and browsing history, and downloading other malware onto the host device.

Avast says (via ZDNet) that the primary aim of the campaign was to hijack user traffic for monetary gains. Every time one of the extensions redirected a user to a third-party domain, the cybercriminals would receive a payment. Given the number of installs, it's likely been a lucrative payday for the perpetrators.

“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” said Avast researcher Jan Rubin. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.”

Avast has reported the extensions to Google and Microsoft, both of whom are conducting investigations.

These are the 15 Chrome and 13 Edge extensions containing the malicious code. If you’re using any, it’s recommended you remove them now.

Chrome extensions with malicious code, according to Avast:

  • Direct Message for Instagram
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • Zoomer for Instagram and FaceBook
  • VK UnBlock. Works fast.
  • Odnoklassniki UnBlock. Works quickly.
  • Upload photo to Instagram™
  • Spotify Music Downloader
  • The New York Times News

Edge extensions with malicious code, according to Avast:

  • Direct Message for Instagram™
  • Instagram Download Video & Image
  • App Phone for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • Volume Controller
  • Stories for Instagram
  • Upload photo to Instagram™
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • Instagram App with Direct Message DM


 
Well, they seem to know their vulnerable audience. Those most likely to install a bit of malicious software without checking. I feel that there is a pattern in what they're all purporting to "improve" here. Some sort of detectable commonality. But I can't be 100% certain who they're attacking with their malicious software.
 