Many users reported that these extensions "manipulate their internet experience and redirect them to other websites." (Pixabay)

Three million users affected by malware infected by Google Chrome, Microsoft Edge browser extensions: Avast

Adriana MaraisDecember 18, 20 Avast, Google chrome, Microsoft Edge

Microsoft Edge and Google Chrome extensions that contained malware were downloaded by around three million people, according to a report from Avast. Avast researchers said they managed to identify around 28 extensions on Chrome and Edge that were infected with malware.

In most cases, these add-ons (browser extensions) have been charged for making it easier to download images, videos, or other content from social media platforms like Instagram, Facebook, Spotify, and Vimeo. The malware in the extensions, according to reports, redirected users to advertisements or phishing sites and stole their personal data.

Avast wrote in a blog post that its researchers successfully identified malicious code in JavaScript-based extensions in Chrome and Edge. These codes allowed infected extensions to download more malware into users’ systems. Counting all downloads from Google and Microsoft online stores, researchers said around three million people may have been affected globally.

Many users reported that these extensions “manipulate their internet experience and redirect them to other websites.”

“Every time a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real target of the link to a new hacked URL. before redirecting it later to the actual website. they wanted to visit. User privacy is compromised by this procedure as a log of all clicks is sent to these third-party intermediary websites, the Avast researchers explained.

Browser extension malware stole people’s personal data such as birthdates, email addresses, and active devices.

Actors also exfiltrate and collect the user’s birthdates, email addresses and device information, including time of first login, time of last login, name of the user. ‘device, operating system, browser used and its version, even IP addresses (which could be used to find the approximate geographic location of the user), the researchers added.

Avast researchers believe that the goal behind this malware is to monetize traffic. They also believe that if the Avast Threat Intelligence team had started monitoring the threat in November 2020, malware in the Google Chrome and Microsoft Edge browser extensions could have been active for years without anyone noticing.

“The backdoors of extensions are well hidden and extensions only start showing malicious behavior a few days after installation, making it difficult to discover any security software,” said Jan Rub n, malware researcher at Avast.

The blog was published on December 16, and researchers there mentioned that the infected extensions were still available for download at the time of publication.