[ad_1]
Cybercrime, fraud and cybercrime management, fraud risk management
Researchers: 28 Third-Party Extensions Could Steal Data and Download Malware
Doug Olenick (DougOlenick) •
December 18, 2020
Investigators from the security firm Avast has found 28 malicious third-party browser extensions used with Google Chrome and Microsoft Edge that have been downloaded approximately 3 million times. These extensions are capable of spreading malware, stealing information, and altering search engine results.
See also: Top 50 security threats
The falsified association of malicious extensions with known applications, such as Facebook, Spotify, and Instagram, to help conceal that they are designed to perform malicious activities, including redirecting users to phishing websites or advertisements, collecting PII and histories navigation and download additional information. malware on the victim’s device, Avast reports.
“Every time a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the target of the actual link to a new hijacked URL before redirect them to the actual website. they wanted to visit us, “says Avast.
Researchers believe that the developers of the extensions are involved in a click hijacking scheme and are paid by the owners of the fraudulent websites targeted by the victims.
How old are the extensions?
Avast began monitoring these third-party extensions in November, but the company believes the extensions have been available since December 2018. Although Avast warned Microsoft and Google about malicious extensions, they all remain available while those companies conduct their own investigations. says Avast. .
Microsoft and Google did not immediately respond to a request for comment.
“Our hypothesis is that the extensions were deliberately built with the malware embedded or the author waited for the extensions to become popular and then released an update that contained the malware,” Avast researcher Jan Rubin notes in Thursday’s report. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware.”
Avast has created a free tool that can search for and remove any malicious application.
Malicious extensions are tagged as:
- Direct message for Instagram
- Direct message for Instagram
- DM for Instagram
- Stealth Mode for Instagram Direct Message
- Downloader for Instagram
- Instagram Download Video and Image
- Phone app for Instagram
- Phone app for Instagram
- Stories for Instagram
- Universal video downloader
- Universal video downloader
- Video Downloader for FaceBook
- Video Downloader for FaceBook
- Vimeo Video Downloader
- Vimeo Video Downloader
- Volume controller
- Zoomer for Instagram and FaceBook
- VK Unlock
- Unlocking Odnoklassniki
- Upload photo to Instagram
- Spotify Music Downloader
- Stories for Instagram
- Upload photo to Instagram
- Pretty Kitty, the pet cat
- Video Downloader for YouTube
- SoundCloud Music Downloader
- New York Times News
- Instagram app with DM direct message
Other extension problems
In June, Awake Security discovered that 70 Chrome extensions could be used to steal users’ credentials and security tokens, which were later removed.
And in February, Google removed 500 Chrome extensions from its online store after Duo Security researchers discovered that attackers were using them to steal browser data.
[ad_2]