Extensions with Malware: 3 Million Infected on Chrome and Edge

For years now, extensions have been one of the main malware gateways to computers. Although both Google and Mozilla have security measures in their stores that analyze extensions before they reach users, these measures are very easy to bypass. For this reason, creating a malicious extension and distributing it through the stores is very lucrative, and it lets hackers reach millions of users quickly and easily.

In addition to Google and Mozilla, antivirus firms and security researchers often scan extension stores for potential threats. This makes it possible to detect, more easily and quickly, any type of threat that is hidden in these stores and may pose a problem for users, in exchange, of course, for a reward through the corresponding bug bounty program.

This time it was Avast Threat Intelligence researchers who came across these new threats in the Chrome extensions store. And, to the surprise of Avast and Google, the malicious extensions went unnoticed to the point of having, right now, more than 3 million infected users.

Malware hidden in various Chrome extensions for social networks

Hackers have taken advantage of the popularity of various social networks, such as Instagram, Facebook, and Vimeo, among others, as a hook to distribute their malware. To do this, they have created several extensions with which to offer users functions that, by default, are not available on these social networks. For example, extensions to control direct messages, download photos and videos, or go invisible.

Specifically, the extensions that have been found with malware are the following:

  • Direct Message for Instagram
  • Direct Message for Instagram ™
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram (1,000,000+ users)
  • App Phone for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Universal Video Downloader
  • Video Downloader for FaceBook ™
  • Video Downloader for FaceBook ™
  • Vimeo ™ Video Downloader (500,000+ users)
  • Vimeo ™ Video Downloader
  • Volume Controller
  • Zoomer for Instagram and FaceBook
  • VK UnBlock. Works fast.
  • Odnoklassniki UnBlock. Works quickly.
  • Upload photo to Instagram ™
  • Spotify Music Downloader
  • Stories for Instagram
  • Upload photo to Instagram ™
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • The New York Times News
  • Instagram App with Direct Message DM

Some of these extensions have been available since 2018 and, to this day, many of them are still in the Chrome Store, despite the fact that Google has been informed of their danger. The main purpose of these extensions is to analyze all the activity of the victims, collect data (such as dates of birth, emails, passwords and bank details) and, furthermore, redirect their victims to websites controlled by hackers, generally for advertising purposes (through referrals) and to carry out phishing attacks.

What to do if we are victims

Although these extensions will gradually disappear from the Chrome Store, they have been present in the store for more than two years, and it is estimated that, in total, they are installed in more than 3 million web browsers, both Chrome and the new Edge Chromium, which is compatible with these same extensions.

The first thing we should do is check whether our browser has any of these extensions. We type "chrome://extensions/" in the address bar and look for a match with any of the names above. If we find one, the first thing to do is uninstall it from the browser. We also recommend, for security reasons, a full reset of Chrome to remove any changes or settings that may have been made.

After removing the browser extension, it is advisable to analyze the PC with an antivirus to make sure that the extension has not installed any payload or any other type of malware that could jeopardize our security. It is also more than advisable to take the opportunity to change the online passwords that we use (in case they have been stolen) and make sure that we do not have unauthorized charges in our bank account.