Avast: Three million users have installed 28 malicious add-ons on Chrome and Edge!
Security company Avast said that it believes that more than three million users have already installed 15 extensions for Chrome and 13 add-ons for Edge that contain dangerous malware, which can lead to violating users' privacy and stealing their data, as it redirects users to ads and then Phishing sites developed according to social engineering technology, collecting sensitive data such as birthdays, email addresses, and active devices, in addition to collecting browser history and downloading malware on users' devices, and the security team at Avast said that they believe that the primary goal of this is Programming is monetary gain after users are threatened, and Avast said it has discovered these extensions since last month and found evidence that some of them have been active since December 2018 when some users started reporting problems with redirecting them to other sites against their will.
Jan Robin, a malware researcher at Avast, said that they could not determine whether these extensions were created with malicious code from the beginning or were added through an update that later arrived on affected devices, and the strange thing is that some of these extensions have achieved fantastic fame with Tens of thousands of installs, some pretending to offer add-ons aimed at helping users download multimedia content from various social networks such as Facebook, Instagram and Vimeo, and Avast said it reported its findings to both Google and Microsoft regarding these extensions. Google did not send a request for comment to obtain additional information about the status of the investigation regarding the Avast report or whether the extensions will be removed while Microsoft confirmed that it is still investigating the matter, and the day after Avast published the results it I came up with it, three have already been removedOnly of the 15 Chrome extensions while all the others for Edge remained available for download as a source familiar with the matter confirmed that Microsoft was unable to confirm Avast's report on them.
Avast has recommended that users uninstall and remove extensions on their browsers, and here is a list of Chrome extensions that Avast said contain malicious instructions and code:
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram ™
- Spotify Music Downloader
- The New York Times News
List of Edge extensions that Avast said it found contain malicious code:
- Direct Message for Instagram ™
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook ™
- Vimeo ™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram ™
- Pretty Kitty, The Cat Pet Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM