Security researchers have discovered 28 extensions for the Chrome and Edge web browsers that contain malicious code. It’s likely that the plug-ins could have infected more than three million people worldwide.
Cybersecurity firm Avast first discovered the extensions last month, with some believed to have been active since at least December 2018. Among the malicious activity that they carry out, some redirect user traffic to ads or phishing sites, some harvest personal or browsing data, and others download additional malware.
Of the 28 malicious extensions identified, 15 were available for the Chrome web browser, while 13 were Edge extensions. They covered a broad spectrum of services, from messaging platforms to music streaming, with many leveraging well-known brands like Spotify and the New York Times to convince users that the downloads are safe.
- Here's our list of the best VPN services right now
- Here's our list of the best malware removal software on the market
- We've built a list of the best ransomware removal tools out there
Malware for money
“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” Avast researcher Jan Rubin commented. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.”
Avast also added that it believes the primary goal of the plug-ins is financial, with cybercriminals receiving payment when the extension redirects a user to a third-party domain. Many of the extensions have proven extremely popular, boasting tens of thousands of installs, which could have resulted in some sizeable payments for the attackers.
Avast has passed on its list of malicious extensions to Google and Microsoft, with both companies currently carrying out their own investigations. In the meantime, any individual that has installed one of the plug-ins in question should remove it as soon as possible and run antivirus software on their device.
- Check out our list of the best antivirus services around