Malicious Chrome, Edge extensions with 3M installs still in stores

silversurfer

Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites.

The malware-laced extensions found by Avast Threat Intelligence researchers are designed to look like helper add-ons for Instagram, Facebook, Vimeo, and other high-profile online platforms.
While Avast spotted the extensions in November 2020, they estimate that they could have been used for malicious purposes for years given that some Chrome Web Store reviewers have reported link hijacking starting with December 2018.
Malicious code for delivering additional malware payloads on the users' systems was also detected by Avast researchers.

"Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit," the report says.
"The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user)."
The full list of malicious Chrome and Edge extensions found by Avast, some of them still available for download, can be found below.
• Direct Message for Instagram
• Direct Message for Instagram™
• DM for Instagram
• Invisible mode for Instagram Direct Message
• Downloader for Instagram (1,000,000+ users)
• Instagram Download Video & Image
• App Phone for Instagram
• App Phone for Instagram
• Stories for Instagram
• Universal Video Downloader
• Universal Video Downloader
• Video Downloader for FaceBook™
• Video Downloader for FaceBook™
• Vimeo™ Video Downloader (500,000+ users)
• Vimeo™ Video Downloader
• Volume Controller
• Zoomer for Instagram and FaceBook
• VK UnBlock. Works fast.
• Odnoklassniki UnBlock. Works quickly.
• Upload photo to Instagram™
• Spotify Music Downloader
• Stories for Instagram
• Upload photo to Instagram™
• Pretty Kitty, The Cat Pet
• Video Downloader for YouTube
• SoundCloud Music Downloader
• The New York Times News
• Instagram App with Direct Message DM
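
An added example, not part of the original post or the Avast report: a defender-side check that walks a Chromium profile's Extensions directory and flags installed extensions whose display name matches the list above. It assumes the usual `Extensions/<id>/<version>/manifest.json` layout; the `FLAGGED` set is a subset of the list, and the sample profile and its IDs are constructed.

```python
import json
import tempfile
from pathlib import Path

# Subset of the names listed in the article above. The page gives no extension
# IDs, so a name match is only a lead for manual review, not proof.
FLAGGED = {"direct message for instagram", "dm for instagram", "volume controller",
           "universal video downloader", "video downloader for facebook",
           "spotify music downloader", "pretty kitty, the cat pet"}

def norm(name):
    """Lower-case, drop the trademark sign, collapse spaces."""
    return " ".join(name.replace("™", "").lower().split())

def display_name(version_dir):
    """Read manifest.json; resolve a __MSG_key__ name through _locales/<default_locale>."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        if path.is_file():
            for key, entry in json.loads(path.read_text(encoding="utf-8-sig")).items():
                if key.lower() == name[6:-2].lower():  # message keys are case-insensitive
                    return entry.get("message", name)
    return name

def scan(extensions_dir):
    """Return [(extension_id, name)] for installed extensions whose name is flagged."""
    hits = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        name = display_name(mf.parent)
        if norm(name) in FLAGGED:
            hits.append((mf.parent.parent.name, name))
    return hits

def build_sample(root):
    """Constructed sample profile: two fake extensions with made-up IDs."""
    a = Path(root) / ("a" * 32) / "1.0_0"
    (a / "_locales" / "en").mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))
    (a / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Volume Controller"}}))
    b = Path(root) / ("b" * 32) / "2.3_0"
    b.mkdir(parents=True)
    (b / "manifest.json").write_text(json.dumps({"name": "Some Notes App"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample(tmp)))
```

To check a real profile, pass the profile's Extensions folder to `scan()`; a hit should be followed by checking the extension's ID and store listing, since unrelated extensions can share a name.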
 

Gandalf_The_Grey

This (again) makes the point for limiting the number of extensions that you use to a few well-known ones!

An ad-blocker (AdGuard), a password manager (Bitwarden), a spelling and grammar checker (MS Editor) and 1 security extension (Bitdefender TrafficLight) are the extensions I use now.
 

Eggnog

This (again) makes the point for limiting the number of extensions that you use to a few well-known ones!

An ad-blocker (AdGuard), a password manager (Bitwarden), a spelling and grammar checker (MS Editor) and 1 security extension (Bitdefender TrafficLight) are the extensions I use now.
This is what I have minus the spelling and grammar checker.
 