Google Chrome and Microsoft Edge web browser users have been cautioned about at least 28 new malicious extensions discovered on the Chrome Web Store and Microsoft Edge Add-ons portal.
According to security experts Avast, these nefarious browser extensions have been downloaded over three million times across the globe and pack a number of dangerous tools at their disposal. Once downloaded into your web browser, these lightweight apps can steal sensitive personal data and send you to phishing websites. And, most worryingly, at the time of publishing, Avast said these Chrome and Edge third-party add-ons were still listed on official marketplaces and available to download.
The security experts have contacted both Microsoft and Google about these malicious extensions, with the tech giants investigating the problematic downloads right now.
But according to Avast, the extensions remain available to download pending the investigation – meaning more people could be tricked.
Avast has been monitoring this threat since last month, but said it could have remained active and undetected for years. There are reviews on the Chrome Web Store mentioning link hijacking as far back as December 2018.
Jan Rubin, malware researcher at Avast, said: “The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behaviour days after installation, which made it hard for any security software to discover”.
Rubin also added: “Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards”.
A number of the extensions that Avast highlighted posed as helpful tools which aid people looking to download videos from leading sites such as Facebook and YouTube. Extensions that Avast mentioned include Video Downloader for Facebook, Instagram Story Downloader, Spotify Music Downloader and Video Downloader for YouTube.
Avast malware researcher Jan Vojtesek said the malware has been difficult to detect as it is capable of hiding itself.
Vojtesek explained: “The virus detects if the user is googling one of its domains or, for instance, if the user is a web developer and, if so, won’t perform any malicious activities on their browsers. It avoids infecting people more skilled in web development, since they could more easily find out what the extensions are doing in the background.”
Advising users on how to stay safe, Avast recommended that anyone who has the extensions should disable or uninstall them for now.
They should also scan for malware and remove any malicious downloads that have ended up on their machine.
Here is a list of problematic extensions that Avast highlighted: Direct Message for Instagram, Direct Message for Instagram™, DM for Instagram, Invisible mode for Instagram Direct Message, Downloader for Instagram, Instagram Download Video & Image, App Phone for Instagram, Stories for Instagram, Universal Video Downloader, Video Downloader for FaceBook™, Vimeo™ Video Downloader, Volume Controller, Zoomer for Instagram and FaceBook, VK UnBlock. Works fast., Odnoklassniki UnBlock. Works quickly., Upload photo to Instagram™, Spotify Music Downloader, Stories for Instagram, Upload photo to Instagram™, Pretty Kitty, The Cat Pet, Video Downloader for YouTube, SoundCloud Music Downloader, The New York Times News, Instagram App with Direct Message DM.