Nearly 3 million people are infected with malware from third-party browser exten...
source link: https://www.slashgear.com/nearly-3-million-people-are-infected-with-malware-from-third-party-browser-extensions-17651534/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Nearly 3 million people are infected with malware from third-party browser extensions
Threat researchers from Avast, a company known for digital security and privacy products, have discovered a massive amount of malware infections for people around the world. The researchers say that around 3 million people globally are infected with malware via third-party browser extensions for Instagram, Facebook, Vimeo, and others. Avast researchers say that malware is hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions associated with some of the most popular platforms on the Internet.
Research showed the malware could redirect user traffic to ads or phishing sites. Malware is also able to steal personal data like birthdays, email addresses, and active devices. The extensions claim to aid users in downloading videos from sources and include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock, and other extensions for Chrome and Edge.
Malicious code was discovered in the JavaScript-based extensions allowing them to download more malware onto a user’s computer. Users infected with these malicious extensions also report the extensions can redirect them to other websites. When users click a link, the extension sends information about what users are clicking to the attacker’s control server. That server can send a command to redirect the victim from the real link to a hijacked URL before redirecting them to the website they wanted to visit.
That allows the hackers to log all clicks being sent to the third party intermediary websites. The threat actors are also able to collect data, including sign-in time, login time, the name of the device, operating system, browser, and IP addresses, along with personal data. Avast researchers believe hackers operating the malicious extensions want to monetize the traffic. Every time connections are redirected to a third-party domain, the criminals get paid.
Researchers warn the malware can hide itself to avoid detection and removal. Avast says as of writing, the extensions are still available for download, but the Microsoft and Google Chrome teams have been contacted. A full list of the malicious extensions can be seen here.
Recommend
-
34
New 'unremovable' xHelper malware has infected 45,000 Android devices...
-
6
SURPRISE — Up to 3 million devices infected by malware-laced Chrome and Edge add-ons Security firm identifies 28 malicious extensions hosted by Google and Microsoft. ...
-
10
Google took down the applications containing Joker For the past three years, Google Play Store has been home to the infamous "Joker" spyware. A recent
-
10
New Android Trojan malware has infected more than 10 million Android devices GriftHorse campaign operators made tens of millions of dollars from their victims By...
-
7
SWISS ARMY KNIFE — Never-before-seen malware has infected hundreds of Linux and Windows devices Small office routers? FreeBSD machines? Enterprise servers? Chaos infects th...
-
5
Home News Facebook credentials stealing malware has infected 300,000 Android devices...
-
4
News Seized Genesis malware market's infostealers infected 1.5 million computers ...
-
5
Watch Out For These Malware-Infected Android TV Boxes
-
6
News Over 60,000 Android apps infected with adware-pushing malware While currentl...
-
7
MOD MALWARE — Dozens of popular Minecraft mods found infected with Fracturiser malware Stop downloading or updating Minecraft mods for now, investigators...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK