Over 3 million internet users have reportedly been found out to have installed about 15 Chrome as well as 13 Edge extensions that supposedly all include malicious code according to the security firm Avast.
The 28 extensions contained code that could perform several malicious operations. Avast said it found code to:
- redirect user traffic to ads
- redirect user traffic to phishing sites
- collect personal data, such as birth dates, email addresses, and active devices
- collect browsing history
- download further malware onto a user’s device
Avast said it discovered the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues with being redirected to other sites.
Below is the list of Chrome extensions that Avast said it found to contain malicious code:
- Direct Message for Instagram
- DM for Instagram
- Invisible mode for Instagram Direct Message
- Downloader for Instagram
- App Phone for Instagram
- Stories for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Zoomer for Instagram and FaceBook
- VK UnBlock. Works fast.
- Odnoklassniki UnBlock. Works quickly.
- Upload photo to Instagram™
- Spotify Music Downloader
- The New York Times News
Below is the list of Edge extensions that Avast said it found to contain malicious code:
- Direct Message for Instagram™
- Instagram Download Video & Image
- App Phone for Instagram
- Universal Video Downloader
- Video Downloader for FaceBook™
- Vimeo™ Video Downloader
- Volume Controller
- Stories for Instagram
- Upload photo to Instagram™
- Pretty Kitty, The Cat Pet
- Video Downloader for YouTube
- SoundCloud Music Downloader
- Instagram App with Direct Message DM
Until Google or Microsoft decide what’s their course of action, Avast recommended that users uninstall and remove the extensions from their browsers.
