Over three million internet users have installed 28 extensions that contain malicious codes, internet security firm Avast said on Thursday. It added that 15 Chrome extensions and 13 Edge extensions with such code capable of performing several malicious operations.
According to the security firm, the malicious code can redirect user traffic to advertisements and phishing sites, collect personal details, such as birth dates, email address and active devices, browsing history, as well as download further malware onto a user's device.
However, according to the Avast researchers, the primary objective of this campaign was to highjack user traffic for monetary gains. The firm said that "for every redirection to a third-party domain, the cybercriminals would receive a payment".
Malicious Campaign
Last month, the security firm first discovered the extensions laced with the malicious code. The researchers also noticed that some of these extensions were active since December 2018, when some internet users complained of being redirected to other sites.
The firm couldn't identify if the extensions had been created with the malicious code when they were first launched or if the code was added through an update. Many of these extensions became quite popular as tens of thousands of people installed them.
Avast reported Google and Microsoft about the malicious extensions. As reported, both the companies are currently investigating the extensions.
Here is the list of those extensions that contain the malicious code:
Chrome extensions | Edge extensions |
| Direct Message for Instagram | Direct Message for Instagram™ |
| DM for Instagram | Instagram Download Video & Image |
| Invisible mode for Instagram Direct Message | App Phone for Instagram |
| Downloader for Instagram | Universal Video Downloader |
| App Phone for Instagram | Video Downloader for FaceBook™ |
| Stories for Instagram | Vimeo™ Video Downloader |
| Universal Video Downloader | Volume Controller |
| Video Downloader for FaceBook™ | Stories for Instagram |
| Vimeo™ Video Downloader | Upload photo to Instagram™ |
| Zoomer for Instagram and FaceBook | Pretty Kitty, The Cat Pet |
| VK UnBlock. Works fast. | Video Downloader for YouTube |
| Odnoklassniki UnBlock. Works quickly. | SoundCloud Music Downloader |
| Upload photo to Instagram™ | Instagram App with Direct Message DM |
| Spotify Music Downloader | |
| The New York Times News |
However, on Thursday ESET, a global leader in cybersecurity, announced today it is continuing to partner with Google to protect Google Chrome users.
Juraj Malcho, ESET's Chief Technology Officer said, "We are proud to partner with Google in helping Chrome users enjoy safer technology. The ongoing collaboration with Google and Chrome Cleanup demonstrates the importance that both companies place on keeping users safe and secure. With Chrome being the browser of choice for most Windows users, ESET's technology and engineers are providing frontline protection."
