Three million users installed 28 malicious Chrome or Edge extensions


More than three million internet users are believed to have installed 15 Chrome, and 13 Edge extensions containing malicious code, security company Avast said today.

The 28 extensions contained code that could perform a number of malicious operations. Avast said it found code to:

  • redirect user traffic to ads
  • redirect user traffic to phishing sites
  • collect personal data, such as dates of birth, email addresses, and active devices
  • collect browsing history
  • download more malware on a user’s device

But despite the fact that code is there to power the above malicious features, Avast researchers said they believe the main goal of this campaign is to drive user traffic. leave for cash benefits.

“For every redirect to a third-party domain, the cybercriminals would get paid,” the company said.

Avast said it found the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues by being disabled. redirects to other sites.

Jan Rubín, Avast’s Malware Researcher, said they could not identify whether the extensions were created with malicious code from the beginning or whether the code was added with an update when each extension went beyond a major level. popular.

And much of the expansion was popular, with tens of thousands of installations. Most did so by setting how add-ons were meant to help users download multimedia content from a number of social networks, such as Facebook, Instagram, Vimeo, or Spotify.

Avast said it has reported its findings to Google and Microsoft and the two companies are still exploring the expansions.

Google and Microsoft did not return a request for comment seeking additional information about the status of their review of the Avast report or whether the extensions were to be removed.

Below is a list of Chrome extensions that Avast said were found to contain malicious code:

Below is a list of Edge extensions that Avast said were found to contain malicious code:

In order for Google or Microsoft to determine their course of action, Avast recommended that users uninstall and remove the extensions from their browsers.