Adds-ons for Popular Social Media Platforms Being Used to Spread Malware
Researchers have identified 28 popular extensions for Google’s Chrome and Microsoft’s Edge web browsers that may contain malware and are recommending that users uninstall them immediately. It’s believed that more than 3 million people have already downloaded the malware-laced extensions.
Clicking on the links also causes the extensions to send info to the attacker’s control server and thus creating a log of all of someone’s clicks. That log is then sent to third-party websites and can be used to collect a user’s personal information, including birth date, email addresses, device information, first sign-in time, last login time, name of his or her device, operating system, browser used and version, and IP address.
Researchers believe that either the extensions were created deliberately with built-in malware, or the threat actor waited for the extensions to become popular and then pushed out a malicious update. It’s also believed that the domains used in this campaign are likely not owned by the cybercriminals, rather, the domain owners probably pay the cybercriminals for every redirection to the domain.
Extensions for the browsers that potentially could pose a security threat include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock, as well as others in use for the two popular browsers. It’s important to note that the infected extensions are still available for download and we recommend that users disable and uninstall them and scan for malware before continuing to use them.