Three million users installed 28 malicious Chrome or Edge extensions


More than three million internet users have installed Chrome and Edge extensions that contain malicious code. Of the 28 extensions, 15 are Chrome extensions and 13 are Edge extensions.

These extensions contained code that could perform several malicious operations.

Security firm Avast said it found code that redirects user traffic to ads and phishing sites, collects personal data such as birth dates, email addresses, active devices and browsing history, and downloads further malware onto a user’s device.

The Avast researchers said that the primary objective of this campaign might be to hijack user traffic for monetary gains.

For every redirection to a third-party domain, the threat actors would receive a payment.

Avast discovered the extensions last month and some of them were found to have been active since at least December 2018.

Jan Rubín, Malware Researcher at Avast, said they are not sure whether the extensions had been created with malicious code from the beginning or if the code was added during an update when each extension passed a level of popularity.

Most of the extensions have become very popular, with tens of thousands of installs. They did so by posing as add-ons meant to help users download multimedia content from various social networks, such as Facebook, Instagram, Vimeo, or Spotify.

Avast has reported its findings to both Google and Microsoft, and both companies are still investigating the extensions.

However, the tech giants have not responded to a request for comment seeking additional information on the status of their investigation into Avast’s report or on whether the extensions will be removed.

The Chrome extensions that contain malicious code are:

  • Direct Message for Instagram
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • Zoomer for Instagram and FaceBook
  • VK UnBlock. Works fast.
  • Odnoklassniki UnBlock. Works quickly.
  • Upload photo to Instagram™
  • Spotify Music Downloader
  • The New York Times News

The Edge extensions that contain malicious code are:

  • Direct Message for Instagram™
  • Instagram Download Video & Image
  • App Phone for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • Volume Controller
  • Stories for Instagram
  • Upload photo to Instagram™
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • Instagram App with Direct Message DM

Avast recommended that users uninstall and remove the extensions from their browsers until Google and Microsoft make a decision.
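To check a browser profile against the two lists above, the following added example (not code from Avast or from this article) scans a profile's Extensions folder and reports installed extensions whose display name matches a listed name. The article gives no extension IDs, so matching is by name only and a hit is a lead to review, not proof; the function names are this example's own, and it resolves localized `__MSG_...__` names, which a plain search of `manifest.json` would miss.

```python
import json
import re
import sys
from pathlib import Path

# Names copied from the Chrome and Edge lists in this article, de-duplicated.
FLAGGED_NAMES = [
    "Direct Message for Instagram", "DM for Instagram",
    "Invisible mode for Instagram Direct Message", "Downloader for Instagram",
    "App Phone for Instagram", "Stories for Instagram", "Volume Controller",
    "Universal Video Downloader", "Video Downloader for FaceBook™",
    "Vimeo™ Video Downloader", "Zoomer for Instagram and FaceBook",
    "VK UnBlock. Works fast.", "Odnoklassniki UnBlock. Works quickly.",
    "Upload photo to Instagram™", "Spotify Music Downloader",
    "The New York Times News", "Instagram Download Video & Image",
    "Pretty Kitty, The Cat Pet", "Video Downloader for YouTube",
    "SoundCloud Music Downloader", "Instagram App with Direct Message DM",
]

def normalize(name):
    """Drop trademark signs, collapse whitespace and case-fold for comparison."""
    return re.sub(r"\s+", " ", name.replace("™", "")).strip().casefold()
FLAGGED = {normalize(n) for n in FLAGGED_NAMES}

def display_name(version_dir):
    """Return the manifest name, resolving a localized "__MSG_key__" via _locales."""
    try:
        manifest = json.loads((version_dir / "manifest.json").read_text("utf-8-sig"))
        name = str(manifest.get("name", ""))
        msg = re.fullmatch(r"__MSG_(\w+)__", name)
        if msg:
            locale = manifest.get("default_locale", "en")
            path = version_dir / "_locales" / locale / "messages.json"
            for key, entry in json.loads(path.read_text("utf-8-sig")).items():
                if key.casefold() == msg.group(1).casefold():  # case-insensitive keys
                    return str(entry.get("message", name))
        return name
    except (OSError, ValueError, AttributeError, TypeError):
        return ""  # unreadable or non-JSON manifest: review that folder by hand

def find_flagged(extensions_root):
    """Scan a profile's Extensions folder (layout: <id>/<version>/manifest.json)."""
    dirs = sorted(p.parent for p in Path(extensions_root).glob("*/*/manifest.json"))
    named = ((d.parent.name, display_name(d)) for d in dirs)
    return [(ext_id, name) for ext_id, name in named if normalize(name) in FLAGGED]

if __name__ == "__main__":  # argument: path to one profile's Extensions folder
    print(*find_flagged(sys.argv[1]), sep="\n")
```

On Windows the default profile's folder is normally `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` for Chrome and `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions` for Edge; run the script once per profile.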

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
