Malicious Chrome, Edge extensions with 3M installs still in stores

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites.

The malware-laced extensions found by Avast Threat Intelligence researchers are designed to look like helper add-ons for Instagram, Facebook, Vimeo, and other high-profile online platforms.
While Avast spotted the extensions in November 2020, they estimate that they could have been used for malicious purposes for years given that some Chrome Web Store reviewers have reported link hijacking starting with December 2018.
Malicious code for delivering additional malware payloads on the users' systems was also detected by Avast researchers.

"Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit," the report says.
"The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user)."
The full list of malicious Chrome and Edge extensions found by Avast, some of them still available for download, can be found below.
• Direct Message for Instagram
• Direct Message for Instagram™
• DM for Instagram
• Invisible mode for Instagram Direct Message
• Downloader for Instagram (1,000,000+ users)
Instagram Download Video & Image
• App Phone for Instagram
• App Phone for Instagram
• Stories for Instagram
• Universal Video Downloader
• Universal Video Downloader
• Video Downloader for FaceBook™
• Video Downloader for FaceBook™
• Vimeo™ Video Downloader (500,000+ users)
Vimeo™ Video Downloader
• Volume Controller
• Zoomer for Instagram and FaceBook
• VK UnBlock. Works fast.
• Odnoklassniki UnBlock. Works quickly.
• Upload photo to Instagram™
• Spotify Music Downloader
• Stories for Instagram
• Upload photo to Instagram™
• Pretty Kitty, The Cat Pet
• Video Downloader for YouTube
• SoundCloud Music Downloader
• The New York Times News
• Instagram App with Direct Message DM
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
This (again) makes the point for limiting the number of extensions that you use to a few well-known ones!

An ad-blocker (AdGuard), a password manager (Bitwarden), a spelling and grammarchecker (MS Editor) and 1 security extension (Bitdefender TrafficLight) are the extensions I use now.
 

Eggnog

Level 3
Verified
Well-known
Mar 21, 2018
108
This (again) makes the point for limiting the number of extensions that you use to a few well-known ones!

An ad-blocker (AdGuard), a password manager (Bitwarden), a spelling and grammarchecker (MS Editor) and 1 security extension (Bitdefender TrafficLight) are the extensions I use now.
This is what I have minus the spelling and grammar checker.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top