28 Chrome extensions that steal browsing history and personal information found, with up to 3 million victims including Facebook and Instagram users



Security company Avast announced on December 17, 2020 that it has identified 28 malicious extensions for Google Chrome and Microsoft Edge that are able to steal personal information. Based on the number of downloads of each extension, it is estimated that up to 3 million users have been affected.

Malicious Browser Extensions | Avast

https://blog.avast.com/malicious-browser-extensions-avast

Avast Press | Third Party Browser Extensions for Instagram, Facebook, Vimeo and Others Infected with Malware
https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware

Three million users installed 28 malicious Chrome or Edge extensions | ZDNet
https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/

Avast updated its official blog on December 17th, reporting that its security researchers have found a total of 28 malicious extensions on the extension distribution sites for Chrome and Edge. These extensions claim to let users download content from sites such as Facebook, Instagram, Vimeo, and Spotify, and it is estimated that up to 3 million users may have been affected.



According to the announcement, the 28 extensions identified this time contained malicious JavaScript-based code that would cause the device to install malware. Others have the ability to send the URL of each link clicked in the browser to the attacker's server, replace the link with an arbitrary URL, and then redirect to the original link again. The information that the attacker stole from victims through this series of techniques is known to have included the date of birth, email address, device name, OS, browser used and its version, IP address, etc.

Avast malware researcher Jan Rubín said, 'Some of these extensions were released pre-loaded with malware, while others waited to become popular before they were updated with malware. It's possible that this was done, and it's also possible that the original author sold the extension to someone else and the buyer later incorporated the malware.'

Also, according to another malware researcher, Jan Vojtěšek, some of the malware has a function that determines from the search history and other data whether the user is a software developer, and refrains from malicious behavior if the user is a developer. It is speculated that this was intended to hide the malicious extension from users who had the knowledge to detect malicious behavior.

Among the malicious extensions identified by Avast this time, the following 15 are for Chrome. Avast has already reported them to Google, and at the time of writing, all 15 have been removed from the Chrome Web Store.

Direct Message for Instagram
DM for Instagram
Invisible mode for Instagram Direct Message
Downloader for Instagram
App Phone for Instagram
Stories for Instagram
Universal Video Downloader
Video Downloader for FaceBook ™
Vimeo ™ Video Downloader
Zoomer for Instagram and FaceBook
VK UnBlock. Works fast.
Odnoklassniki UnBlock. Works quickly.
Upload photo to Instagram ™
Spotify Music Downloader
The New York Times News

In addition, the extensions for Edge are as follows. Of the 13, only 2 had been removed at the time of writing, and the rest can still be installed in the browser. A source who commented to the IT news site ZDNet said, 'Microsoft has not been able to confirm the Avast report.'

Direct Message for Instagram ™
Instagram Download Video & Image
App Phone for Instagram
Universal Video Downloader
Video Downloader for FaceBook ™
Vimeo ™ Video Downloader
Volume Controller
Stories for Instagram
Upload photo to Instagram ™
Pretty Kitty, The Cat Pet
Video Downloader for YouTube
SoundCloud Music Downloader
Instagram App with Direct Message DM

Avast recommends that users who have downloaded the above extensions disable the extensions, uninstall them, and scan and remove malware with antivirus software.

in Security, Posted by log1l_ks