Friday, July 23, 2021

Chrome and Microsoft Edge Malicious extensions hit 30 lakh Users

Must Read

Emotet Returns as Top Malware Threat in December

The notorious Emotet Trojan is back on peak of the malware graphs, having had a makeover designed to make...

In Moscow, hackers hacked PickPoint Online Order Delivery Service checkpoints

Hackers attacked the checkpoints of this PickPoint online order shipping agency in Russia's capital Moscow. The accounts concerning the...

Hacker leaks data of MeetMindful dating site

The data belongs to the MeetMindful dating site and includes everything from real names to Facebook account tokens and...

Threat Intelligence researchers from cybersecurity firm Avast have identified malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions that may have affected 30 lakh users worldwide.

Three million Google Chrome and Microsoft Edge users could be at risk of data theft and phishing after researchers discovered malware hidden in multiple browser extensions.

The 28 malicious extensions identified by Avast include downloaders for Facebook videos and Instagram stories.

Avast claimed the end goal for those behind the scheme could be to monetize traffic by forcing users to visit third-party sites, which they then get paid for, although users could also end up on phishing sites.

The malware has the functionality to redirect user’s traffic to ads or phishing sites and to steal people’s data, such as birth dates, email addresses, and active devices.

“Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit,” the Prague-based security vendor explained.

According to the app stores’ download numbers, around 30 lakh people may be affected worldwide.

The apps reported by Avast are:

  • Direct Message for Instagram
  • Direct Message for Instagram
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram
  • Instagram Download Video & Image
  • App Phone for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Universal Video Downloader
  • Video Downloader for Facebook
  • Video Downloader for Facebook
  • Vimeo Video Downloader
  • Vimeo Video Downloader
  • Volume Controller
  • Zoomer for Instagram and Facebook
  • VK UnBlock. Works fast.
  • Odnoklassniki UnBlock. Works quickly.
  • Upload photo to Instagram
  • Spotify Music Downloader
  • Stories for Instagram
  • Upload photo to Instagram
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • The New York Times News
  • Instagram App with Direct Message DM

Avast researchers believe that the objective behind this is to monetize the traffic. For every redirection to a third-party domain, the cybercriminals would receive a payment.

They also believe that even though the Avast Threat Intelligence team had started monitoring the threat in November 2020, the malware in Google Chrome and Microsoft Edge browser extensions could have been active for years without anyone noticing.

At present, it’s unclear whether the extensions were built deliberately with malware concealed within, or if malicious actors waited for them to become popular and then pushed a malware-laden update.

Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites.

Although Avast first detected the threat in November, the vendor admitted it could have been active for years.

“There are reviews on the Chrome Web Store mentioning link hijacking from as far back as December 2018,” Rubin added.

“The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover,” said Jan Rubín, Malware Researcher at Avast.

The blog post was published on December 16 and researchers said that the infected Google Chrome and Microsoft Edge extensions were still available for download at the time of publishing.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This