If you use Google Chrome or Microsoft Edge browsers, do not download these extensions!
As reported by colleagues at Bleeping Computer, it appears that several malicious applications that have already been installed over three million times are still present on the Chrome Web Store and the Microsoft Edge extension portal.
Avast researchers Threat Intelligence have in fact identified various extensions that are able to steal user information and redirect them to phishing sites. Specifically, these are software that offer additional functionality for very popular sites like Instagram, Facebook, Vimeo and more.
Although Avast spotted the extensions in November 2020, it is estimated that they may have been used to years, as some reviews on the Chrome Web Store warned of redirects starting from December 2018.
According to the Avast report, it seems that these extensions, before making a link to the real site requested by the user, redirect to another page, as well as collect personal information such as date of birth, e-mail address used, operating system used, browser version installed and IP address.
Read also: Adrozek: malware that terrorizes Chrome, Edge and Firefox on millions of PCs
The ultimate goal of the creators of these extensions should be to monetize user traffic by automatically redirecting them. third party domains.
Jan RubÃn, a malware researcher at Avast, said:
Extension backdoors are well hidden, and extensions start exhibiting malicious behavior only a few days after installation, which has made it difficult for any security software to detect them. Our guess is that the extensions were created deliberately with the malware built in, or the author waited for the extensions to become popular and then posted an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, so the buyer might have introduced the malware later.
You can find the complete list of malicious extensions for Google below. Chrome and Edge found by Avast, some of them still available for download.
• Direct Message for Instagram
• Direct Message for Instagram ™
• DM for Instagram
• Invisible mode for Instagram Direct Message
• Downloader for Instagram (1,000,000+ users)
• Instagram Download Video & Image
• App Phone for Instagram
• Phone App for Instagram
• Stories for Instagram
• Universal Video Downloader
• Universal Video Downloader
• Video Downloader for FaceBook ™
• Video Downloader for FaceBook ™
• Vimeo ™ Video Downloader (500,000+ users)
• Vimeo ™ Video Downloader
• Volume Controller
• Zoomer for Instagram and FaceBook
• VK UnBlock. Works fast.
• Odnoklassniki UnBlock. Works quickly.
• Upload photo to Instagram ™
• Spotify Music Downloader
• Stories for Instagram
• Upload photo to Instagram ™
• Pretty Kitty, The Cat Pet
• Video Downloader for YouTube
• SoundCloud Music Downloader
• The New York Times News
• Instagram App with Direct Message DM
If you have installed one or more of the listed extensions, our advice is to uninstall them as soon as possible.
XPG Levante 240, version equipped with two 120mm, is available on Amazon at a price of 110.99 euros, what are you waiting for?
Avast researchers Threat Intelligence have in fact identified various extensions that are able to steal user information and redirect them to phishing sites. Specifically, these are software that offer additional functionality for very popular sites like Instagram, Facebook, Vimeo and more.
Although Avast spotted the extensions in November 2020, it is estimated that they may have been used to years, as some reviews on the Chrome Web Store warned of redirects starting from December 2018.
According to the Avast report, it seems that these extensions, before making a link to the real site requested by the user, redirect to another page, as well as collect personal information such as date of birth, e-mail address used, operating system used, browser version installed and IP address.
Read also: Adrozek: malware that terrorizes Chrome, Edge and Firefox on millions of PCs
The ultimate goal of the creators of these extensions should be to monetize user traffic by automatically redirecting them. third party domains.
Jan RubÃn, a malware researcher at Avast, said:
Extension backdoors are well hidden, and extensions start exhibiting malicious behavior only a few days after installation, which has made it difficult for any security software to detect them. Our guess is that the extensions were created deliberately with the malware built in, or the author waited for the extensions to become popular and then posted an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, so the buyer might have introduced the malware later.
You can find the complete list of malicious extensions for Google below. Chrome and Edge found by Avast, some of them still available for download.
• Direct Message for Instagram
• Direct Message for Instagram ™
• DM for Instagram
• Invisible mode for Instagram Direct Message
• Downloader for Instagram (1,000,000+ users)
• Instagram Download Video & Image
• App Phone for Instagram
• Phone App for Instagram
• Stories for Instagram
• Universal Video Downloader
• Universal Video Downloader
• Video Downloader for FaceBook ™
• Video Downloader for FaceBook ™
• Vimeo ™ Video Downloader (500,000+ users)
• Vimeo ™ Video Downloader
• Volume Controller
• Zoomer for Instagram and FaceBook
• VK UnBlock. Works fast.
• Odnoklassniki UnBlock. Works quickly.
• Upload photo to Instagram ™
• Spotify Music Downloader
• Stories for Instagram
• Upload photo to Instagram ™
• Pretty Kitty, The Cat Pet
• Video Downloader for YouTube
• SoundCloud Music Downloader
• The New York Times News
• Instagram App with Direct Message DM
If you have installed one or more of the listed extensions, our advice is to uninstall them as soon as possible.
XPG Levante 240, version equipped with two 120mm, is available on Amazon at a price of 110.99 euros, what are you waiting for?