Over three million users have installed 15 of its extensions Chrome and 13 of Edge containing malicious code, security firm Avast said today.
The 28 extensions contained code that could perform many malicious functions. Avast says it has discovered code that:
- redirects user traffic to ads
- redirecting user traffic to phishing sites
- collects personally data, such as dates of birth, email addresses and active devices
- records the history browsing
- downloads further malware to a user's device
"For any redirection to a third-party domain, cybercriminals will be paid," the company said.
Avast discovered the extensions last month and found evidence that some were operational at least as early as December 2018, when some users started reporting redirect issues to other sites.
Jan Rubín, Avast Malware Researcher at Avast, said they could not determine if the extensions were maliciously created from scratch or if the code was added via an update when the extensions were installed.
Many of them were very popular, with tens of thousands of installations. Most of them came as helpers for downloading media content from various sources Social Networks, such as Facebook, Instagram, Vimeo or Spotify.
Chrome extensions
- Direct Messages for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Messages
- Downloader for Instagram
- Phone app for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Zoomer for Instagram and Facebook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram ™
- Spotify Music Downloader
- The New York Times News
Edge extensions
- Direct Message for Instagram ™
- Instagram Download Video & Image
- Phone app for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram ™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Until Google or Microsoft decide what to do with the above extensions, Avast recommends that those who use them uninstall and remove them from their browsers.