What just happened? Researchers have discovered 28 browser extensions for both Chrome and Edge that contain malicious code. The plugins, listed at the bottom of the page, are believed to have been installed by more than three million people.
Cyber security giant Avast analyzed the extensions last month after the threat was identified by Czech researchers at CZ.NIC and noted that some of them have been active since at least December 2018. They perform a variety of malicious activities, including redirecting users to advertisements and collect phishing sites, personal information and browsing history and download other malware onto the host device.
Avast says (via ZDNet) that the primary goal of the campaign was to hijack user traffic for monetary gain. Every time one of the extensions redirects a user to a third party domain, the cyber criminals would receive a payment. Given the number of installations, it has likely been a lucrative payday for the perpetrators.
“Our hypothesis is that the extensions were deliberately created with the built-in malware, or that the author waited for the extensions to become popular and then pushed an update with the malware,” said Avast researcher Jan Rubin. “It could also be that the author sold the original extensions to someone else after creating them and his client introduced the malware afterward.”
Avast has reported the extensions to Google and Microsoft, which are both investigating.
These are the 15 Chrome and 13 Edge extensions that contain the malicious code. If you are using one, we recommend that you remove it now.
Chrome extensions with malicious code, according to Avast:
- Direct message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App phone for Instagram
- Stories for Instagram
- Universal video downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Zoomer for Instagram and FaceBook
- Unlock VK. Works fast.
- Unlock Odnoklassniki. Works fast.
- Upload photo to Instagram ™
- Spotify Music Downloader
- The New York Times News
Edge extensions with malicious code, according to Avast:
- Direct Message for Instagram ™
- Instagram Download video and image
- App phone for Instagram
- Universal video downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Volume control
- Stories for Instagram
- Upload photo to Instagram ™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud music downloader
- Instagram app with direct message DM