Avast found 28 malicious extensions in Chrome and Edge browsers with three million users

Avast found 28 malicious extensions in Chrome and Edge browsers with three million users

Researchers from Avast, a well-known antivirus software company, discovered 28 malicious extensions in the browser extension stores of Google and Microsoft, affecting as many as three million users.

These malicious extensions disguise as tools to help users download content from social media such as Facebook and Instagram or streaming media platforms such as Vimeo and Spotify. However, the malicious code in them allows downloading malicious programs to steal sensitive user data and redirect to ads and phishing websites.

Chrome malicious extensions

When a user clicks on a URL, these extensions will send the information to the attacker’s server, which sends an instruction to redirect the victim from the real link target to a hijacked URL, then redirects them to the website they want to visit, the user’s privacy is stolen in this process. The attacker will also infiltrate and collect sensitive information such as the user’s date of birth, email address, device information, login time, and even IP address.

Avast began monitoring this threat in November 2020, but it believes that these malicious extensions have been active for many years, but no one has noticed it. It can be seen from user reviews in the Chrome Web Store that as early as 2018, “The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover.”
However, some malicious programs also have the ability to “hide itself“, so they are quite difficult to detect. Currently, these malicious extensions can still be downloaded. Avast said it has contacted Microsoft and Google Chrome, and has been confirmed by each other, and is currently studying this issue. Avast also recommends that users temporarily disable or uninstall these extensions.

The list of detected extensions affected is below: