According to cybersecurity researchers, 28 browser extensions on Microsoft Edge and Google Chrome contain malware, and they’ve been downloaded by more than three million people.
In a blog post, cybersecurity firm Avast said it has analyzed 28 malicious browser extensions after a group of Czech researchers identified the threat and found extensions to contain malware. They include things like Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock and other browser extensions.
According to Avast, browser store download figures indicate more than three million users could be affected worldwide. The firm started monitoring this threat in November 2020, but this attack method could have been active for years without being detected.
Avast has reported this to Microsoft and Google, and the firms are investigating, according to Avast.
The firms’ blog notes that reviews on the Chrome Web Store mention link hijacking from December 2018, meaning malicious browser extensions could have been infecting uses’ devices for nearly two years.
According to Avast, the firm believes that the extensions were either deliberately created with malware built in, or the author waited for the extensions to become popular and then published an update containing the malware. Or, the author could have sold the original extensions to someone else after creating them who could have introduced the malware afterwards.
Read Next: What We Know About The Massive Hack of SolarWinds’ IT Management Platform
Malicious code in the infected JavaScript-based browser extensions also allow for even more malware to be downloaded to a device. The code also manipulates links that victims click on after downloading the extensions, exposing users to phishing sites and ads.
Avast believes the owners of the domains pay the cyber actors for every redirection rather than the cyber actors actually owning the domains themselves.
When users click on the links, the extensions send information to the attacker’s control server, creating a log of all clicks that is sent to third-party websites that can be used to collect personal information about users.
That information includes birth date, email addresses, device information, login times, names of devices, operating system, browser used and IP addresses.
On Thursday morning, the extensions were still available for download. Users who think they have downloaded one should disable and uninstall them immediately, then scan for and remove malware.
At the time of publishing, the infected extensions are still available for download. If you suspect you might have downloaded one, Avast researchers recommend disabling and uninstalling them immediately and then scan for and remove malware. They have also reported the issue to Microsoft and Google, who are looking into it.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply