It is estimated that over three million internet users have 15 Chrome and 13 Edge extensions that contain malicious code enabled, Avast said today.
There was malware in the 28 extensions that could execute many malicious operations. Avast said that it had found a code for:
- Redirect traffic from users to advertisements
- Redirect traffic from browsers to phishing pages
- Collect personal information such as dates of birth, email addresses, and activated devices
- Collect the history of browsing
- On a user’s laptop, download more malware
But Avast researchers said they suspect that the primary goal of this effort was to hijack consumer traffic for monetary gain, despite the availability of code to monitor all the above malicious features.
The company said that the cybercriminals will obtain a payment for each redirection to a third-party site.
Avast said last month it identified the extensions and found proof that some have been operating since at least December 2018, when some users first began having problems with being diverted to other pages.
Jan Rubín, Avast’s Malware Researcher, said that if the extensions were generated with malicious code from the beginning or if the code was introduced in an upgrade after each extension passed a popularity stage, they did not decide.
And many extensions, with tens of thousands of installations, have become very common. By acting as add-ons to help users import digital material from different social networks such as Facebook, Instagram, Vimeo, or Spotify, several have done so.
Avast said it had submitted its findings to both Google and Microsoft and that the extensions were already being reviewed by both firms.
Google and Microsoft did not return a request for comment requesting more clarification on the state of their investigation into Avast’s article or whether the extensions were going to be withdrawn.
The list of Chrome extensions that Avast said contains malicious code is below:
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
Below is the list of extensions to Edge that Avast said it considered to contain malicious code:
- Direct Message for Instagram™
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
