Are You Utilizing Any of These Malicious Browser Extensions?

Extensions and add-ons are a great way to get more out of your browser, but they are also a convenient way for cyber criminals to perform a variety of nefarious acts that could compromise the security of your PC and your online activities.

Security firm Avast announced this week that it has identified malicious software hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions. Statistics from the web shops suggest that the extensions received three million downloads worldwide.

The company said the malware could potentially redirect users to phishing sites, which could result in an attempt to steal personal information.

The extensions work with popular online platforms like Facebook, Instagram, Spotify and Vimeo and help users download videos and other content from the websites.

"The researchers identified malicious code in the Javascript-based extensions that the extensions can use to download additional malware onto a user's PC," Avast said, adding that users have also reported that the add-ons improve their online experience manipulate and redirect other websites.

"The actors also filter and collect the dates of birth, email addresses and device information of the user, including the first login time, the last login time, the device name, the operating system, the browser used and its version, and the IP addresses (possibly) used to determine the approximate geographic location history of the user), "stated the security company.

According to Avast, the main goal seems to be to monetize the traffic itself, with the perpetrators receiving a payment for every redirect to a third-party domain.

Avast malware researcher Jan Rubín said, “Our hypothesis is that either the extensions were intentionally created with the built-in malware, or the author waited for the extensions to become popular and then released an update with the malware. Or, it could be that the author sold the original extensions to someone else after creating them, and the buyer subsequently introduced the malware. "

The Avast discovery is an important reminder to always use caution when downloading an extension for your browser and to make sure that you have the latest antivirus software turned on. Now would also be a good time to check out all of your browser extensions and uninstall the ones you rarely use.

Some of the infected extensions are still available for download. However, Avast said it contacted Microsoft and Google, and both companies are currently investigating the issue. Browser builders are always on the lookout for shady extensions. For example, Google removed 500 of these from its Chrome Store earlier this year.

The following are the affected extensions detected by Avast. If you have any of these on your PC, it is recommended to uninstall it immediately and run a malware scan.

– Direct message for Instagram
– Direct message for Instagram
– DM for Instagram
– Invisible mode for Instagram Direct Message
– Downloader for Instagram
– Download Instagram video & picture
– App Phone for Instagram
– App Phone for Instagram
– Stories for Instagram
– Universal video downloader
– Universal video downloader
– Video downloader for Facebook
– Video downloader for Facebook
– Vimeo Video Downloader
– Vimeo Video Downloader
– Volume control
– Zoomer for Instagram and Facebook
– VK UnBlock. Works fast.
– Odnoklassniki UnBlock. Works fast.
– Upload photo to Instagram
– Spotify Music Downloader
– Stories for Instagram
– Upload photo to Instagram
– Pretty cat, the cat pet
– Video downloader for YouTube
– SoundCloud Music Downloader
– The New York Times news
– Instagram app with Direct Message DM

Editor's recommendations




Leave a Reply

Your email address will not be published. Required fields are marked *