Malicious Chrome and Edge browser extensions identified by Avast

Researchers at Prague-based cybersecurity company Avast are alerting the public about malicious browser extensions. In a press release dated December 16, the company warns that 3 million Google Chrome and Microsoft Edge users are at risk of malware infection. The third-party extensions in question are aimed at users of services like Facebook and Vimeo. They include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, and VK Unblock. This is far from the first time that browser extensions have been implicated in malicious activity.

Based on Avast’s research, the malware in these extensions appears to be financially motivated. According to reports from users dealing with the infections, the malware causes site redirects that appear to be monetized on each click. The malware also acts as a JavaScript injection mechanism through which threat actors can download additional malware to a target machine. Finally, the creators of the extensions collect data on each user, which Avast has determined to include anything from IP addresses to birth dates and device information, such as MAC addresses.

Speaking on the malware-infected third-party extensions, Jan Rubín, malware researcher at Avast, had this to say:

Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards… The extensions’ backdoors are well-hidden, and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover.

Avast said that it had alerted both Google and Microsoft, and as a result, the companies were looking into solutions for the malicious browser extensions. At the time of the press release, the extensions (the full list can be found in the release) were still active. Avast advises everyone who has used these third-party extensions to uninstall them and run a full-system malware scan.

Featured image: Rawpixel.com
