Threat intelligence researchers from Avast have identified malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions associated with some of the world’s most popular platforms. The malware redirected users’ traffic to ads or phishing sites and stole people’s personal data, such as birth dates, email addresses, and active devices.
Malicious code in the JavaScript-based extensions
According to the app stores’ download numbers, around three million people may be affected worldwide. The researchers have identified malicious code in the JavaScript-based extensions that allows the extensions to download further malware onto a user’s PC.
The extensions, which aid users in downloading videos from these platforms, include video downloader for Facebook, Vimeo video downloader, Instagram story downloader, VK Unblock, and other browser extensions for the Google Chrome browser, and some for the Microsoft Edge browser.
Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. The actors also exfiltrate and collect the users’ birth dates, email addresses, and device information, including first sign-in time, last login time, name of the device, operating system, the browser used and its version, and even IP addresses.
For every redirection to a third-party domain, the cybercriminals would receive a payment. Meanwhile, the extensions also have the capability to redirect users to ads or phishing sites. At this moment, the infected extensions are still available for download. Both Microsoft and Google confirmed they are currently looking into the issue. Avast recommends that users disable or uninstall the extensions for now until the problem is resolved, and then scan for and remove the malware.
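To act on that recommendation, the following added example (not code from Avast or from this article) lists installed extensions whose display name matches one of the names given above. It assumes the Chromium on-disk layout `Extensions/<id>/<version>/manifest.json`, and matching by name is itself an assumption because the article lists no extension IDs; the sample tree it builds is constructed.

```python
import json, sys, tempfile
from pathlib import Path

# Names as listed in the article. Matching on display name is an assumption:
# the article gives no extension IDs.
NAMED = ("video downloader for facebook", "vimeo video downloader",
         "instagram story downloader", "vk unblock")

def load(path):
    # utf-8-sig tolerates the BOM some manifests carry
    return json.loads(path.read_text(encoding="utf-8-sig"))

def display_name(version_dir):
    """Display name of one unpacked extension, resolving __MSG_key__ placeholders."""
    manifest = load(version_dir / "manifest.json")
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        messages = load(version_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return str(entry.get("message", name))
    return name

def audit(extensions_dir):
    """Return (id, version, name) for installed extensions whose name matches NAMED."""
    hits = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        vdir = manifest.parent
        try:
            name = display_name(vdir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed extension: skip, do not abort the audit
        if any(n in name.lower() for n in NAMED):
            hits.append((vdir.parent.name, vdir.name, name))
    return hits

def build_sample(root):
    """Constructed sample tree: one localized match, one unrelated extension."""
    hit, other = root / ("a" * 32) / "1.0_0", root / ("b" * 32) / "2.1_0"
    (hit / "_locales" / "en").mkdir(parents=True)
    other.mkdir(parents=True)
    (hit / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (hit / "_locales" / "en" / "messages.json").write_text('{"appname": {"message": "Vimeo Video Downloader"}}')
    (other / "manifest.json").write_text('{"name": "Constructed Notes App"}')
    return root

if __name__ == "__main__":
    # Pass a profile's Extensions directory, or run with no argument for the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(Path(tempfile.mkdtemp()))
    for ext_id, version, name in audit(target):
        print(f"{ext_id}\t{version}\t{name}")
```

A name match only flags an extension for review; the article reports at least 28 affected extensions and names only a few, so an empty result does not clear a profile.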