Avast experts reported 28 very popular Chrome and Edge extensions, which together infected over 3 million devices.
According to the Avast report, 15 Chrome extensions and 16 Microsoft Edge extensions were used for clandestine operations aimed at intercepting personal data (eg email addresses and birth dates, list and signature of active devices), displaying unrelated ads visited, redirecting users to phishing sites and more.
Moreover, the 28 extensions could access browsing history and install other malware on users’ devices.
To look more convincing, the authors of the extensions chose names that mentioned well-known brands such as Spotify, Instagram and the New York Times. Identified by Avast only last month, some of the infected extensions were active since December 2018, accumulating millions of installations. In addition, these extensions covered a wide range of services, such as messaging platforms and music streaming services.
What are the 28 infected Chrome and Edge extensions:
Direct Message for Instagram (Chrome)
Direct Message for Instagram (Edge)
DM for Instagram
Invisible mode for Instagram Direct Message
Downloader for Instagram
Instagram Download Video & Image
App Phone for Instagram (Chrome)
App Phone for Instagram (Edge)
Stories for Instagram
Universal Video Downloader (Chrome)
Universal Video Downloader (Edge)
Video Downloader for FaceBook (Chrome)
Video Downloader for FaceBook (Edge)
Vimeo Video Downloader (Chrome)
Vimeo Video Downloader (Edge)
Volume Controller
Zoomer for Instagram and FaceBook
VK UnBlock. Works fast.
Odnoklassniki UnBlock. Works quickly.
Upload photo to Instagram
Spotify Music Downloader
Stories for Instagram
Upload photo to Instagram
Pretty Kitty, The Cat Pet
Video Downloader for YouTube
SoundCloud Music Downloader
The New York Times News
Instagram App with Direct Message DM
It is unclear at this time whether these extensions incorporated infected code from the beginning, or were modified at a later date by applying automatic updates, with the authors waiting to reach a level of popularity that would allow them to make a consistent profit in the shortest possible time. .
Avast researchers believe that the main goal of the entire campaign is to hijack and use user traffic for money. That is, for each user redirected to third-party domains, cybercriminals would receive a share.
