- Over 28 fake extensions disguised as aids for Facebook, Instagram, Vimeo, and others are infecting Google Chrome and Edge browsers with malware.
- A report by Avast Intelligence Security estimates that over 3 million people around the world have been affected by these malicious extensions capable of redirecting URLs, collecting personal information, and tracking your location.
- Google and Microsoft are currently investigating the issue, but the extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.
Immensely popular and innocently disguised Facebook, Vimeo and Instagram extensions on your web browser may actually be malware, according to the internet security provider
Avast. Especially if you’re a part of the majority using Google Chrome.
| Browser | Number of malicious extensions |
| Google Chrome | 15 |
| Edge | 13 |
The malware is affecting around three million people around the world as per install numbers and can ‘hijack’ your URL. It means that the extension can track every time you click on a new link and alert the hacker. The hacker then has the option to redirect you to a new URL of his choosing, rather than sending you to your real destination.
And, as with most crimes, there’s a monetary motive at play. Redirecting user traffic to ads and phishing sites by the millions can yield a pretty steady income stream. "For every redirection to a third party domain, the cybercriminals would receive a payment," said the report by Avast Threat Intelligence.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
Even though the end goal is getting more revenue off of ads, the malicious extensions on Google Chrome and Edge are capable of collecting data as well.
According to Avast, these extensions can collect personal data like birth dates, email addresses, and device information. This includes even the most minute details like first sign-in time, last login time, name of the device, operating system, used browser and its version, and even IP addresses.
Stealing an IP address or knowing your login time may not seem like a big deal. But, collectively, that information points to your approximate geographical location as well as your daily routine.
Even though Avast only discovered these extensions a month ago, evidence indicates that some of them have been on the rampage since at least December 2018.
"Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware," said Avast malware researcher
Jan Rubín explaining that the origin story of these extensions remains elusive.
"It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards," Rubin added.
Microsoft and Google are currently looking into Avast's findings but, for now, these extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.
Full list of extensions infected with Malware on Google Chrome and Edge:- Direct Message for Instagram
- Direct Message for Instagram™
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- Instagram Download Video & Image
- App Phone for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Universal Video Downloader
- Video Downloader for FaceBook™
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Vimeo™ Video Downloader
- Volume Controller
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram™
- Spotify Music Downloader
- Stories for Instagram
- Upload photo to Instagram™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- The New York Times News
- Instagram App with Direct Message DM
SEE ALSO:Zuckerberg spoke to Ambani but there was no chemistry — even with a multi-million dollar partnership between them
After 55 years, India will inaugurate a new railway line with Bangladesh to save its ‘Chicken’s Neck’ from China
Supercomputer shows tropical cyclones hitting India are going get more destructive — that is until the flooding starts
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
Markets extend gains for 5th session; Sensex revisits 74k
Top 10 tourist places to visit in Darjeeling in 2024
India's forex reserves sufficient to cover 11 months of projected imports
ITC plans to open more hotels overseas: CMD Sanjiv Puri
7 Indian dishes that are extremely rich in calcium
