Avast are the makers of popular antivirus software. Their researchers, recently found a total of twenty-eight different Google Chrome and Microsoft Edge extensions that were laced with malware.

Worse, they found the extensions have been downloaded by more than 3 million users around the world. All of the extensions were designed to help facilitate the download of pictures and video from platforms like Spotify, Vimeo, Instagram and Facebook.

According to the researchers, the malware is JavaScript-based and is designed to display ads or direct users to phishing sites where their personal information may be collected for later use.

Avast’s research team had this to say about their findings:

Users have also reported that these extensions are manipulating their Internet experience and redirecting them to other websites. Any time a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. User’s privacy is compromised by this procedure since a log of all clicks is being sent to these third-party intermediary websites.”

As malware goes, that’s certainly not the worst thing we’ve seen, but it is a genuine threat that puts your privacy, and potentially your personal information at risk.

If you rely on a number of browser extensions, especially those that facilitate easier and more convenient downloading of images and videos, and you use either Edge or Explorer, it pays to purge your existing collection of extensions and reinstall clean copies. This is especially true if you’ve been noticing aberrant behavior in your browser.

Unfortunately, many users tend to download and forget about extensions, so it may not be obvious at first glance that the two (your extensions and the malware) are connected. In light of that, it pays to conduct a thorough review of your system.

Leave a Reply

Your email address will not be published.

You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*