Cybersecurity experts estimate that around three million Internet users have downloaded some of the 28 malicious extensions for newly detected Chrome and Edge browsers. A report published by Avast mentions that extensions were infected with malicious code that would allow threat actors to deploy multiple attacks.
Researchers found all kinds of malicious code in these extensions. Hackers were able to deploy a variety of attacks, including:
- Redirecting user traffic to ad-infested sites
- Redirecting user traffic to phishing sites
- Collection of personal data
- Data collection in browsing history
- Additional malware download to the affected device
Although these extensions are infested with high malicious capabilities, researchers believe that the main goal of the campaign operators is to hijack traffic to a third-party domain, a relatively easy way to generate advertising revenue.
In his report, Avast mentions that the extensions were detected last month, finding evidence that some had been active since at least 2018. Experts were unable to specify whether these extensions were created for hacking purposes or if the malicious code was subsequently injected by threat actors.
This second scenario is highly likely, as these extensions were very popular. Avast confirmed its findings to Microsoft and Google, so both companies are investigating the reported extensions. Below are the Chrome extensions that were reported:
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram™
- Spotify Music Downloader
- The New York Times News
On the other hand, these are the extensions for Microsoft Edge in the report:
- Direct Message for Instagram™
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Several members of the cybersecurity community sent requests for information to Microsoft and Google, although none of the companies have commented on it.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.