Are you using any of these malicious browser extensions?

Extensions and add-ons are a great way to get the most out of your browser, but they also offer a convenient route for cybercriminals to perform a variety of nefarious acts that could threaten the security of your PC and online activities.

Security firm Avast said this week that it has identified malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions. Statistics from web stores suggest that the extensions have received three million downloads worldwide.

The company said the malware could potentially redirect users to phishing sites, which could lead to an attempt to steal personal data.

The extensions work with popular online platforms like Facebook, Instagram, Spotify, and Vimeo, and they help users download videos and other content from the sites.

“Researchers have identified malicious code in Javascript-based extensions that allow the extensions to download more malware onto a user’s PC,” Avast said, adding that users also reported that add-ons are manipulating their online experience and redirecting them. to other websites.

“The actors also extract and collect the user’s dates of birth, email addresses, and device information, including time of first login, time of last login, device name, operating system , the browser used and its version, even the IP addresses (which could be used to find the approximate geographical location history of the user) ”, said the security firm.

But Avast said the main goal appears to be to monetize the traffic itself, with perpetrators paid for each redirect to a third-party domain.

Avast malware researcher Jan Rubin said: “Our hypothesis is that the extensions were deliberately built with the malware embedded or the author waited for the extensions to become popular and then released an update that contained the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware.

The Avast discovery is an important reminder to always be careful when downloading an extension for your browser and to ensure that you have up-to-date antivirus software enabled. Now would also be a good time to review all your browser extensions and uninstall those that you rarely use.

Some of the infected extensions are still available for download, although Avast said it has contacted Microsoft and Google and that both companies are investigating the problem. Browser creators are constantly looking for unreliable extensions. Google, for example, removed 500 of them from its Chrome Store earlier this year.

Below are the affected extensions discovered by Avast. If you have any of these on your PC, it is recommended to uninstall them immediately and run a scan for malware.

– Direct message for Instagram
– Direct message for Instagram
– DM for Instagram
– Stealth mode for Instagram direct message
– Downloader for Instagram
– Download video and image from Instagram
– Phone app for Instagram
– Phone app for Instagram
– Stories for Instagram
– Universal video downloader
– Universal video downloader
– Video Downloader for Facebook
– Video Downloader for Facebook
– Vimeo video downloader
– Vimeo video downloader
– Volume controller
– Zoomer for Instagram and Facebook
– Unlock VK. It works fast.
– Unlocking Odnoklassniki. It works fast.
– Upload photo to Instagram
– Spotify Music Downloader
– Stories for Instagram
– Upload photo to Instagram
– Pretty Kitty, the pet cat
– Video Downloader for YouTube
– SoundCloud Music Downloader
– New York Times News
– Instagram application with DM direct message

Editors’ Recommendations

Add Comment