28 extensions for Chrome that steal browsing history and personal information are found, up to 3 million victims including Facebook and Instagram users
Security company Avast announced on December 17, 2020 that it has identified 28 extensions for malicious Google Chrome and Microsoft Edge that have the ability to steal personal information. From the number of downloads of each extension, it is estimated that up to 3 million users have been affected.
Malicious Browser Extensions | Avast
Avast Press | Third Party Browser Extensions for Instagram, Facebook, Vimeo and Others Infected with Malware
https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware
Three million users installed 28 malicious Chrome or Edge extensions | ZDNet
https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/
Avast updated its official blog on December 17th, reporting that its security researchers have found a total of 28 malicious extensions on extension distribution sites for Chrome and Edge. These extensions pretend to allow content to be downloaded from sites such as Facebook, Instagram, Vimeo, and Spotify, and it is estimated that up to 3 million users may have been affected. I am.
According to the announcement, the 28 extensions identified this time contained malicious Javascript-based code that would cause the device to install malware. Others have the ability to send the URL of the link clicked in the browser to the attacker's server, replace the link with an arbitrary URL, and then redirect to the original link again. The information that the attacker stole from the victim by such a series of techniques included the date of birth, email address, device name, OS, browser used and its version, IP address, etc. It is known.
Avast malware researcher Jan Rubín said, 'Some of these extensions were released pre-loaded with malware, while others waited for them to become popular before they were updated with malware. It's possible that some were done, and it's possible that the original author sold the extension to someone else and the buyer later incorporated the malware. '
Also, according to another malware researcher, Jan Vojtěšek, some malware has a function to determine whether the user is a software developer from the search history etc. and refrain from malicious behavior if it is a developer. He said he had something. It is speculated that this was intended to hide the malicious extension from users who had the knowledge to detect malicious behavior.
Among the malicious extensions identified by Avast this time, 15 are for Chrome: Avast has already reported this to Google, and at the time of writing, all 15 have been removed from the Chrome Web Store.
・Direct Message for Instagram
・DM for Instagram
・Invisible mode for Instagram Direct Message
・Downloader for Instagram
・App Phone for Instagram
・Stories for Instagram
・Universal Video Downloader
・Video Downloader for FaceBook ™
・Vimeo ™ Video Downloader
・Zoomer for Instagram and FaceBook
・VK UnBlock. Works fast.
・Odnoklassniki UnBlock. Works quickly.
・Upload photo to Instagram ™
・Spotify Music Downloader
・The New York Times News
In addition, the extensions for Edge are as follows. Of the 13 articles, only 2 were deleted at the time of article creation, and the rest can still be installed in the browser. An informant who commented on the IT news site ZDNet said, 'Microsoft has not been able to confirm the Avast report.'
・Direct Message for Instagram ™
・Instagram Download Video & Image
・App Phone for Instagram
・Universal Video Downloader
・Video Downloader for FaceBook ™
・Vimeo ™ Video Downloader
・Volume Controller
・Stories for Instagram
・Upload photo to Instagram ™
・Pretty Kitty, The Cat Pet
・Video Downloader for YouTube
・SoundCloud Music Downloader
・Instagram App with Direct Message DM
Avast recommends that users who have downloaded the above extensions disable the extensions, uninstall them, and scan and remove malware with antivirus software .
Related Posts:
in Security, Posted by log1l_ks