Fake Instagram, Facebook, and Vimeo extensions on Google Chrome can ‘hijack’ your URL, steal personal information and track your location

Fake Instagram, Facebook, and Vimeo extensions on Google Chrome can ‘hijack’ your URL, steal personal information and track your location
Fake Instagram, Facebook, and Vimeo extensions on Google Chrome are infected with malware affecting three million people worldwide, according to a repot by Avast Threat IntelligencePixabay
  • Over 28 fake extensions disguised as aids for Facebook, Instagram, Vimeo, and others are infecting Google Chrome and Edge browsers with malware.
  • A report by Avast Intelligence Security estimates that over 3 million people around the world have been affected by these malicious extensions capable of redirecting URLs, collecting personal information, and tracking your location.
  • Google and Microsoft are currently investigating the issue, but the extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.
Immensely popular and innocently disguised Facebook, Vimeo and Instagram extensions on your web browser may actually be malware, according to the internet security provider Avast. Especially if you’re a part of the majority using Google Chrome.

BrowserNumber of malicious extensions
Google Chrome15

The malware is affecting around three million people around the world as per install numbers and can ‘hijack’ your URL. It means that the extension can track every time you click on a new link and alert the hacker. The hacker then has the option to redirect you to a new URL of his choosing, rather than sending you to your real destination.

And, as with most crimes, there’s a monetary motive at play. Redirecting user traffic to ads and phishing sites by the millions can yield a pretty steady income stream. "For every redirection to a third party domain, the cybercriminals would receive a payment," said the report by Avast Threat Intelligence.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Malware extensions are tracking everything you do online
Even though the end goal is getting more revenue off of ads, the malicious extensions on Google Chrome and Edge are capable of collecting data as well.

According to Avast, these extensions can collect personal data like birth dates, email addresses, and device information. This includes even the most minute details like first sign-in time, last login time, name of the device, operating system, used browser and its version, and even IP addresses.

Stealing an IP address or knowing your login time may not seem like a big deal. But, collectively, that information points to your approximate geographical location as well as your daily routine.

Even though Avast only discovered these extensions a month ago, evidence indicates that some of them have been on the rampage since at least December 2018.

"Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware," said Avast malware researcher Jan Rubín explaining that the origin story of these extensions remains elusive.

"It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards," Rubin added.

Microsoft and Google are currently looking into Avast's findings but, for now, these extensions remain available on the Chrome Web Store and the Microsoft Edge Add-ons portal.

Full list of extensions infected with Malware on Google Chrome and Edge:
  1. Direct Message for Instagram
  2. Direct Message for Instagram™
  3. DM for Instagram
  4. Invisible mode for Instagram Direct Message
  5. Downloader for Instagram
  6. Instagram Download Video & Image
  7. App Phone for Instagram
  8. App Phone for Instagram
  9. Stories for Instagram
  10. Universal Video Downloader
  11. Universal Video Downloader
  12. Video Downloader for FaceBook™
  13. Video Downloader for FaceBook™
  14. Vimeo™ Video Downloader
  15. Vimeo™ Video Downloader
  16. Volume Controller
  17. Zoomer for Instagram and FaceBook
  18. VK UnBlock. Works fast.
  19. Odnoklassniki UnBlock. Works quickly.
  20. Upload photo to Instagram™
  21. Spotify Music Downloader
  22. Stories for Instagram
  23. Upload photo to Instagram™
  24. Pretty Kitty, The Cat Pet
  25. Video Downloader for YouTube
  26. SoundCloud Music Downloader
  27. The New York Times News
  28. Instagram App with Direct Message DM
SEE ALSO:Zuckerberg spoke to Ambani but there was no chemistry — even with a multi-million dollar partnership between them

After 55 years, India will inaugurate a new railway line with Bangladesh to save its ‘Chicken’s Neck’ from China

Supercomputer shows tropical cyclones hitting India are going get more destructive — that is until the flooding starts