More than three million users have installed 15 Chrome and 13 Edge extensions that contain malicious code, security company Avast said today.
The 28 extensions contained code that could perform many malicious functions. Avast says it has discovered code that:
- redirects user traffic to ads
- redirecting user traffic to phishing sites
- collects personal data such as dates of birth, email addresses and active devices
- records browsing history
- downloads further malware to a user's device
"For any redirection to a third-party domain, cybercriminals will be paid," the company said.
Avast discovered the extensions last month and found evidence that some were operational at least as early as December 2018, when some users started reporting redirect issues to other sites.
Jan Rubín, Avast Malware Researcher at Avast, said they could not determine if the extensions were maliciously created from scratch or if the code was added via an update when the extensions were installed.
Many of them were very popular, with tens of thousands of facilities. Most came as add-ons for downloading media content from various social networks, such as Facebook, Instagram, Vimeo or Spotify.
Chrome extensions
- Direct Messages for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Messages
- Downloader for Instagram
- Phone app for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Zoomer for Instagram and Facebook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram ™
- Spotify Music Downloader
- The New York Times News
Edge extensions
- Direct Message for Instagram ™
- Instagram Download Video & Image
- Phone app for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram ™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Until Google or Microsoft decide what to do with the above extensions, Avast recommends that those who use them uninstall and remove them from their browsers.