Malicious Chrome and Edge Extensions Infect at least 300 Million People — what to Do

Malicious Chrome and Edge Extensions Infect at least 300 Million People — what to Do

More than two dozen browser extensions for Google Chrome and Microsoft Edge can steal personal information, redirect users to advertising and phishing sites, and even install malware, avast researchers announced yesterday (December 16)

About 300,000 users have been exposed to the new browser extensions

Nearly 3 million people have installed 28 malicious extensions, three-quarters of which were still available in the Chrome and Edge extension stores at the time of this writing Most of these extensions are video downloaders designed to retrieve streaming data from Facebook, Instagram, Spotify, SoundCloud, Vimeo, YouTube, and other services

Jan Rubín, a malware researcher at avast, stated that "extension backdoors are well hidden and are difficult for security software to detect because extensions do not exhibit malicious behavior until several days after installation"

If you have any of these extensions installed (there is a list at the end of this article), remove them immediately and thoroughly scan your computer for malware with the best anti-virus software Browser extensions work the same way on Windows, macOS, and Linux, so all three platforms may be affected

According to avast, the extension's only real purpose may be to collect money by redirecting users to other websites However, it records every link the user clicks and sends that information to a remote server, as well as collecting information about the user and the host computer

"The actor also collects the user's date of birth, e-mail address, and device information (first sign-in time, last log-in time, device name, operating system, browser used and its version, and even IP address (of the user's approximate geographic location) ), as well as IP addresses (which may be used to find a history of the user's approximate geographic location)," the avast report states

Worse, the extension has the power to "download more malware onto the user's PC," avast said

The extension's designers took great care to avoid suspicion, which may indicate that their ultimate goal may be more than just ad fraud and search engine redirection According to avast, the extension can analyze traffic to determine whether the user is a web developer or a security researcher, and if so, it will not engage in malicious activity

Whoever the user is, the extension waits a while before doing anything malicious

"Extension backdoors are well hidden and are difficult for security software to detect because extensions do not exhibit malicious behavior until several days after installation," avast states

Google has a troubling problem with Chrome browser extensions, and the well-funded search engine giant apparently does not properly screen them before allowing them in the Chrome Web Store

Hundreds of Chrome extensions have been kicked out of the store in 2020 alone for spying on users

Now that Microsoft has relaunched its Edge browser to share Chrome's infrastructure, the same problem appears to be occurring

Tom'sGuide asked an avast spokesperson if Firefox browser add-ons (Mozilla's term for extensions) are also included in this campaign

The full list of avast browser extensions is below Since many extensions have similar names, links to the Microsoft Edge or Chrome Web Store page for each extension are included to avoid confusion

Categories