Up to 3 million devices infected by malware-laced Chrome and Edge add-ons
source link: https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
SURPRISE —
Up to 3 million devices infected by malware-laced Chrome and Edge add-ons
Security firm identifies 28 malicious extensions hosted by Google and Microsoft.
Dan Goodin - 12/17/2020, 3:58 AM
As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday.
In all, researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware. The add-ons billed themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. At the time this post went live, some, but not all, of the malicious extensions remained available for download from Google and Microsoft.
Avast researchers found malicious code in the JavaScript-based extensions that allows them to download malware onto an infected computer. In a post, the researchers wrote:
Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. User’s privacy is compromised by this procedure since a log of all clicks is being sent to these third party intermediary websites. The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user).
The researchers don’t yet know if the extensions came with the malicious code preinstalled or if the developers waited for the extensions to gain a critical mass of users and only then pushed a malicious update. It’s also possible that legitimate developers created the add-ons and then unknowingly sold them to someone who intended to use them maliciously.
AdvertisementA recurring problem
Over the past few years, third-party add-ons have become a widely used means for infecting people with malware and adware. Last year, a researcher uncovered Chrome and Firefox extensions that collected and published the browsing histories of an estimated 4 million people.The data divulged proprietary information from some of the biggest names in tech, including Tesla, Trend Micro, Symantec, and Blue Origin. Individuals’ tax returns, doctor appointment schedules, and other personal information was also exposed.
In at least one case of extension tampering, malicious code was inserted into extensions after attackers gained access to the accounts of legitimate developers. In other cases, the extensions were published by developers who managed to bypass vetting processes browser makers used in an attempt to block abusive or malicious add-ons.
Google and Microsoft didn’t immediately respond to an email seeking comment and asking if the companies planned to remove the extensions reported by Avast.
The apps reported by Avast are:
- Direct Message for Instagram
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- Instagram Download Video & Image
- App Phone for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Universal Video Downloader
- Video Downloader for FaceBook
- Video Downloader for FaceBook
- Vimeo Video Downloader
- Vimeo Video Downloader
- Volume Controller
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram
- Spotify Music Downloader
- Stories for Instagram
- Upload photo to Instagram
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- The New York Times News
- Instagram App with Direct Message DM
The list Avast provides in its blog post includes links to download locations for both Chrome and Edge. Anyone who has downloaded one of these add-ons should remove it immediately and run a virus scan.
Recommend
-
34
New 'unremovable' xHelper malware has infected 45,000 Android devices...
-
14
Nearly 3 million people are infected with malware from third-party browser extensions
-
10
Google took down the applications containing Joker For the past three years, Google Play Store has been home to the infamous "Joker" spyware. A recent
-
10
New Android Trojan malware has infected more than 10 million Android devices GriftHorse campaign operators made tens of millions of dollars from their victims By...
-
7
SWISS ARMY KNIFE — Never-before-seen malware has infected hundreds of Linux and Windows devices Small office routers? FreeBSD machines? Enterprise servers? Chaos infects th...
-
5
Home News Facebook credentials stealing malware has infected 300,000 Android devices...
-
4
News Seized Genesis malware market's infostealers infected 1.5 million computers ...
-
5
Watch Out For These Malware-Infected Android TV Boxes
-
6
News Over 60,000 Android apps infected with adware-pushing malware While currentl...
-
17
Three malicious VPN extensions on the Chrome Web Store infected 1.5 million devices before being removed by Google Malware remains a problem on the Chrome Web Store By
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK