The 28 malicious extensions identified by Avast include downloaders for Facebook videos and Instagram stories.
The malware in the extensions is designed to redirected user’s traffic to ads or phishing sites
Photo Credit: Avast
Google Chrome and Microsoft Edge extensions containing malware have been downloaded by around 3 million users, security research firm Avast claims. Its researchers say that they were able to identify at least 28 extensions available on Chrome and Edge browsers that contained malware. These add-ons were billed to facilitate downloading pictures, videos, or other content from platforms such as Facebook, Instagram, Vimeo, and Spotify. The malware in the extensions reportedly redirected users to ads or phishing sites and stole their personal data.
In a blog post, researchers from Avast said that they identified malicious code in the JavaScript-based extensions in both Google Chrome and Microsoft Edge browsers. These allowed the extensions to download further malware onto users' systems. By taking into account the number of downloads from Google and Microsoft Web stores, the researchers claim that around three million people may have been affected worldwide.
“Users have also reported that these [Google Chrome and Microsoft Edge] extensions are manipulating their Internet experience and redirecting them to other websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker's control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. User's privacy is compromised by this procedure since a log of all clicks is being sent to these third-party intermediary websites,” the researchers said.
The malware in both Google Chrome and Microsoft Edge browser extensions stole people's personal data such as birth dates, email addresses, and active devices, the researchers claim. “The actors also exfiltrate and collect the user's birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location of the user),” the researchers added.
Avast researchers believe that the objective behind this is to monetise the traffic. For every redirection to a third-party domain, the cybercriminals would receive a payment. They also believe that even though the Avast Threat Intelligence team had started monitoring the threat in November 2020, the malware in Google Chrome and Microsoft Edge browser extensions could have been active for years without anyone noticing.
“The extensions' backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover,” said Jan Rubín, Malware Researcher at Avast. The blog post was published on December 16 and researchers said that the infected Google Chrome and Microsoft Edge extensions were still available for download at the time of publishing.
Which is the bestselling Vivo smartphone in India? Why has Vivo not been making premium phones? We interviewed Vivo's director of brand strategy Nipun Marya to find out, and to talk about the company's strategy in India going forward. We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.