Researchers at Avast has found 28 malicious browser extensions from both Chrome and Edge, that are hijacking users’ traffic. They said, these extensions combined have over 3 million installations, and were also involved in redirecting traffic to phishing sites, ads, logging searches and even setting backdoors for further payloads.
28 Vulnerable Extensions with Over 3 Million Installations
Browser extensions are one way of hacking into people’s machines for lucrative purposes. As Avast Threat researchers found out, 15 extensions from Chrome Web Store and 13 from Microsoft’s Edge Add-ons, were involved in various malicious purposes to date.
They named the entire list of these identified browser extensions, and most of them disguised as helpers for popular social media platforms like Facebook, Vimeo, Instagram, etc. Also, some of them are even existing since 2018, where some users reported them as malicious for link hijacking.
These extensions grab the data of users’ actions in the browser and send them to hackers C2. They’d then received commands for rerouting the user to another URL where a phishing page is hosted or ads are served, before taking him to the actual website. Here, they’re intended for making money off such URL redirections.
Also, there are some extensions that are collecting PII like the user’s email addresses, birth dates, device information, login times, OS and browser versions, and IP addresses. These can be used for learning more about the user, and possibly be locating him to an exact point. Also, there are some extensions seen planting backdoors for bringing future payloads.
Also Read- User Accuses Microsoft Edge to be a Malware
Researchers say these extensions are well hidden and make it very hard for antivirus engines to detect. It’s unknown how they’re turning malicious, as researchers think of sending an update after installing the extension or waiting until it becomes popular to start sniffing.
However, they reported to both Google and Microsoft about them, and they’re currently investigating them before removing them. Until then, disabling these extensions is recommended. Here’s the list;
Below is the list of Chrome extensions that Avast said it found to contain malicious code in Chrome browser;
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBookâ„¢
- Vimeoâ„¢ Video Downloader
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagramâ„¢
- Spotify Music Downloader
- The New York Times News
In Edge browser;
- Direct Message for Instagramâ„¢
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBookâ„¢
- Vimeoâ„¢ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagramâ„¢
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Also Read- Google Removed 500+ Extensions From Chrome Store Citing Malvertising
