There are 28 infected extensions and dangerous for browsers Google Chrome e Microsoft Edge present on the respective stores more than a month after the complaint of Avast, who discovered them in early November and referred them to Google and Microsoft for removal. But to no avail, as unfortunately happens more and more often.
These are extensions that take advantage of the name and popularity of platforms such as Instagram, Vimeo, Facebook, Spotify, SoundCloud or even newspapers like the New York Times to steal data from users and to direct them towards dangerous ones phishing sites. Some of these extensions were online even long before: at least one since December 2018. One extension has exceeded one million downloads and all 28 together exceed 3 million. Massive amount of data stolen in all this time from users and incalculable the number of people damaged by phishing sites. Only in the last few hours have Google and Microsoft been taking steps to prevent the download of these dangerous add-ons.
What are the dangerous extensions
Here is the extension list for Chrome and Edge which are dangerous and must be removed immediately:
- Direct Message for Instagram
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- Instagram Download Video & Image
- Phone app for Instagram
- Phone app for Instagram
- Stories for Instagram
- Universal Video Downloader
- Universal Video Downloader
- Video Downloader for FaceBook
- Video Downloader for FaceBook
- Vimeo Video Downloader
- Vimeo Video Downloader
- Volume Controller
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram
- Spotify Music Downloader
- Stories for Instagram
- Upload photo to Instagram
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- The New York Times News
- Instagram App with Direct Message DM
Why these extensions are dangerous
Avast researchers found Javascript code in the extensions it downloads a malware on the PC of the user. The virus is used to steal data from the user, from the email address to the IP address (from which the physical location of the computer can be traced), up to a recording of all clicks in the browser (and therefore of all sites visited). The malware also collects the time of the first access, the time of the last access, the name of the device, the operating system, the browser used and its version. All-round espionage.
Some users also reported that after installing one of these extensions the browser started redirecting them to dangerous, phishing or further infected websites. Avast researchers are convinced that the ultimate goal of these extensions (which are all free) is monetize traffic himself receiving a micro sum of money for each user sent to dangerous sites.
“Our guess is that the extensions were built deliberately with the malware built in, or the author waited for the extensions to become popular and then sent an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, so the buyer introduced the malware later, ”explains Jan Rubín of Avast.
Whatever the reason why these extensions behave this way little changes: they must be removed immediately.
These 28 extensions for Chrome-Edge are to be deleted right away