Connect with us

News

Delete these popular Chrome and Edge extensions – they’re riddled with malware

Over three million Chrome and Edge users installed 28 malicious extensions, says Avast.

google chrome logo on purple background for google search
Image: KnowTechie

A team of threat intelligence researchers working for Avast revealed that more than three million Edge and Chrome users have had installed at least one of 28 malicious extensions. According to the researchers, the malware embedded in the extensions was found to be monetizing traffic by redirecting users to phishing websites and ads. 

Aside from their primary functions, the extensions featured a malicious java-script code that is difficult to detect. Jan Vojtěšek, a researcher for Avast, says that the malicious code can “hide itself.” For example, if the malicious software detects that the user is a web or software developer, it won’t do anything malicious. 

That’s because it knows that those people are well skilled in web development. They can easily figure out the problem if they found any suspicious behavior during their online browsing experience. Even the average web developer can quickly figure out what extensions are doing in the background. 

Instead, the malicious software targets other, less skillful users, that have no clue about what’s going on with their extensions and why they sometimes get redirects and certain ads on their screen. Furthermore, the malicious software found in these extensions can collect personal data, download more malicious software on the user’s device, and other things like collecting browsing history.

Here are the Microsoft Edge extensions that contain malicious code: 

  • Vimeo™ Video Downloader
  • Instagram App with Direct Message DM
  • Pretty Kitty, The Cat Pet
  • Stories for Instagram
  • Direct Message for Instagram™
  • Instagram Download Video & Image
  • Video Downloader for YouTube
  • App Phone for Instagram
  • Video Downloader for FaceBook™
  • Universal Video Downloader
  • Volume Controller
  • Upload photo to Instagram™
  • SoundCloud Music Downloader

And here’s the list of Google Chrome extensions also found to have malicious code detected by Avast’s researchers:

  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Zoomer for Instagram and Facebook
  • App Phone for Instagram
  • Downloader for Instagram
  • Universal Video Downloader
  • Stories for Instagram
  • Spotify Music Downloader
  • Video Downloader for FaceBook™
  • Odnoklassniki UnBlock. Works quickly.
  • Vimeo™ Video Downloader
  • VK UnBlock. Works fast.
  • Upload photo to Instagram™
  • Direct Message for Instagram

Avast forwarded its findings to both Microsoft’s and Google Chrome’s teams. In return, the two companies said they would take their findings seriously and look into the matter. 

At the same time, Avast recommends those who have installed any of these affected extensions to remove or at least temporarily disable until the malicious software has been removed from their base code.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments
Advertisement

More in News