Instagram, Facebook, Vimeo, and Other Third-Party Browser Extensions Infected with Malware

About 3 million Chrome and Edge users have been infected by browser extensions that steal personal data and redirect users to ad or phishing sites, according to an Avast Threat Intelligence post.

“The malware has the functionality to redirect user’s traffic to ads or phishing sites and to steal people’s personal data, such as birth dates, email addresses, and active devices.”

– Avast

The Avast Threat Intelligence team started monitoring this threat in November 2020, but believes that it could have been active for years without anyone noticing.

“The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover.”

– Jan Rubín, Malware Researcher at Avast

In the post, published on Wednesday, December 16, 2020, the global leader in digital security and privacy products identified 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware.

28 Extensions that Contained Malware

The list of extensions that contained malware includes add-ons for some of the world’s most popular platforms:

  1. Direct Message for Instagram
  2. Direct Message for Instagram
  3. DM for Instagram
  4. Invisible mode for Instagram Direct Message
  5. Downloader for Instagram
  6. Instagram Download Video & Image
  7. App Phone for Instagram
  8. App Phone for Instagram
  9. Stories for Instagram
  10. Universal Video Downloader
  11. Universal Video Downloader
  12. Video Downloader for FaceBook
  13. Video Downloader for FaceBook
  14. Vimeo Video Downloader
  15. Vimeo Video Downloader
  16. Volume Controller
  17. Zoomer for Instagram and FaceBook
  18. VK UnBlock. Works fast.
  19. Odnoklassniki UnBlock. Works quickly.
  20. Upload photo to Instagram
  21. Spotify Music Downloader
  22. Stories for Instagram
  23. Upload photo to Instagram
  24. Pretty Kitty, The Cat Pet
  25. Video Downloader for YouTube
  26. SoundCloud Music Downloader
  27. The New York Times News
  28. Instagram App with Direct Message DM

Prague-based Avast researchers have also identified malicious code in the JavaScript-based extensions. It allows the extensions to download further malware onto a user’s PC.

“Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. User’s privacy is compromised by this procedure since a log of all clicks is being sent to these third party intermediary websites. The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user).”

– Avast

According to Avast malware researcher Jan Vojtěšek, the malware has been quite difficult to detect since it has the ability to “hide itself”. He also added that “the virus detects if the user is googling one of its domains or, for instance, if the user is a web developer and, if so, won’t perform any malicious activities on their browsers. It avoids infecting people more skilled in web development since they could more easily find out what the extensions are doing in the background.”

“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards,”

– Jan Rubín, Malware Researcher at Avast

Both Microsoft and Google confirmed they are currently looking into the issue after Avast contacted them.

In the meantime, Avast recommends that users disable or uninstall the extensions until the problem is resolved, and then scan for and remove the malware.
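The article identifies the extensions only by name, so one way to act on this recommendation is to compare the names of installed extensions against the list above. The script below is an added example, not code from Avast or from this article; it assumes the usual Chromium on-disk layout (`Extensions/<id>/<version>/manifest.json`, with localized names under `_locales`), and a name match is a lead for manual review, not proof of infection.

```python
import json
import sys
from pathlib import Path

# Names from the article's list (deduplicated); it gives no IDs, so match by name.
FLAGGED = {n.strip().casefold() for n in """
Direct Message for Instagram|DM for Instagram|Downloader for Instagram|
Invisible mode for Instagram Direct Message|Instagram Download Video & Image|
App Phone for Instagram|Stories for Instagram|Universal Video Downloader|
Video Downloader for FaceBook|Vimeo Video Downloader|Volume Controller|
Zoomer for Instagram and FaceBook|VK UnBlock. Works fast.|
Odnoklassniki UnBlock. Works quickly.|Upload photo to Instagram|
Spotify Music Downloader|Pretty Kitty, The Cat Pet|Video Downloader for YouTube|
SoundCloud Music Downloader|The New York Times News|
Instagram App with Direct Message DM""".split("|")}

def display_name(version_dir, manifest):
    """Resolve the manifest name, following __MSG_key__ into _locales."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].casefold()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the raw placeholder if it cannot be resolved
        for k, v in messages.items():
            if k.casefold() == key:
                return v.get("message", name)
    return name

def find_flagged(extensions_dir):
    """Return sorted (extension_id, version, name) tuples for name matches."""
    hits = []
    for mf in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        name = display_name(mf.parent, manifest)
        if name.strip().casefold() in FLAGGED:
            hits.append((mf.parent.parent.name, mf.parent.name, name))
    return sorted(hits)

if __name__ == "__main__":
    for root in sys.argv[1:] or ["."]:  # pass each profile's Extensions directory
        for hit in find_flagged(root):
            print(*hit, sep="\t")
```

Run it once per browser profile, passing that profile's `Extensions` directory; the extension ID it prints is what the browser's extensions page shows when removing the entry.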

Source: Avast
