- Over 28 fake extensions disguised as aids for
Facebook ,Instagram ,Vimeo , and others are infectingGoogle Chrome and Edge browsers withmalware . - A report by Avast Intelligence Security estimates that over 3 million people around the world have been affected by these malicious extensions capable of redirecting URLs, collecting
personal information , and tracking your location. - Google and Microsoft are currently investigating the issue, but the extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.
The malware is affecting around three million people around the world as per install numbers and can ‘hijack’ your URL. It means that the extension can track every time you click on a new link and alert the hacker. The hacker then has the option to redirect you to a new URL of his choosing, rather than sending you to your real destination.
And, as with most crimes, there’s a monetary motive at play. Redirecting user traffic to ads and phishing sites by the millions can yield a pretty steady income stream. "For every redirection to a third party domain, the cybercriminals would receive a payment," said the report by Avast Threat Intelligence.
Malware extensions are tracking everything you do online
Even though the end goal is getting more revenue off of ads, the malicious extensions on Google Chrome and Edge are capable of collecting data as well.
According to Avast, these extensions can collect personal data like birth dates, email addresses, and device information. This includes even the most minute details like first sign-in time, last login time, name of the device, operating system, used browser and its version, and even IP addresses.
Stealing an IP address or knowing your login time may not seem like a big deal. But, collectively, that information points to your approximate geographical location as well as your daily routine.
Even though Avast only discovered these extensions a month ago, evidence indicates that some of them have been on the rampage since at least December 2018.
"Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware," said Avast malware researcher $4 explaining that the origin story of these extensions remains elusive.
"It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards," Rubin added.
Microsoft and Google are currently looking into Avast's findings but, for now, these extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.
Full list of extensions infected with Malware on Google Chrome and Edge:
- Direct Message for Instagram
- Direct Message for Instagram™
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- Instagram Download Video & Image
- App Phone for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Universal Video Downloader
- Video Downloader for FaceBook™
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Vimeo™ Video Downloader
- Volume Controller
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram™
- Spotify Music Downloader
- Stories for Instagram
- Upload photo to Instagram™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- The New York Times News
- Instagram App with Direct Message DM
$4
Supercomputer shows tropical cyclones hitting India are going get more destructive — that is until the flooding starts>$4