Chrome or Edge? remove the extensions immediately

More than three million users have installed 15 Chrome and 13 Edge extensions that contain malicious code, the company Avast Security.

The 28 extensions contained code that could perform many malicious functions. Avast says it has discovered code that:

• redirects user traffic to ads
• redirecting user traffic to phishing sites
• collects personal data such as dates of birth, email addresses and active devices
• records browsing history
• further downloads malicious software on a user's device

"For any redirection to a third-party domain, cybercriminals will be paid," the company said.

Avast discovered the extensions last month and found evidence that some were operational at least as early as December 2018, when some users started reporting redirect issues to other sites.

Jan Rubin, Malware Avast Researcher, said they were unable to determine if the extensions were built with malicious code from scratch or if the code was added through an update when the extensions were installed.

Many of them were very popular, with tens of thousands of facilities. Most came as add-ons for downloading media content from various social networks, such as Facebook, Instagram, Vimeo or Spotify.

Chrome extensions

• Direct Messages for Instagram
• DM for Instagram
• Invisible mode for Instagram Direct Messages
• Downloader for Instagram
• Phone app for Instagram
• Stories for Instagram
• Universal Video Downloader
• Video Downloader for FaceBook ™
• Vimeo ™ Video Downloader
• Zoomer for Instagram and Facebook
• VK UnBlock. Works fast.
• Odnoklassniki UnBlock. Works quickly.
• Upload photo to Instagram ™
• Spotify Music Downloader
• The New York Times News

Edge extensions

• Direct Message for Instagram ™
• Instagram Download Video & Image
• Phone app for Instagram
• Universal Video Downloader
• Video Downloader for FaceBook ™
• Vimeo ™ Video Downloader
• Volume Controller
• Stories for Instagram
• Upload photo to Instagram ™
• Pretty Kitty, The Cat Pet
• Video Downloader for YouTube
• SoundCloud Music Downloader
• Instagram App with Direct Message DM

Until Google or the Microsoft what to do with the above extensions, Avast recommends that those who use them uninstall them and remove them from programs browsing them.