Google Chrome explain how users can view extension data
READ MORE
Jan Rubin, malware researcher at Avast, said: The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behaviour days after installation, which made it hard for any security software to discover .
Rubin also added: Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards .
New-york
United-states
Jan-rubin
Jan-vojtesek
Google
Instagram
Youtube
Chrome-web
Facebook
Microsoft
Google-chrome
Microsoft-edge
Chrome and Edge extensions laced with malware have already been installed three million times
Malware hidden in at least 28 third-party GoogleChrome and Microsoft Edge extensions has been discovered by security researchers.
The malware has the functionality to redirect user’s traffic to ads or phishing sites and to steal people’s personal data, such as birth dates, email addresses, and active devices, according to a report released by cybersecurity firm Avast.
Researchers have said that up to three million users could be affected by the malware.
The malware in question masquerades as legitimate extensions that help download videos from Instagram, Facebook, Vimeo, and other social platforms. The researchers have identified malicious code in the JavaScript-based extensions that allow the plugins to download further malware onto a user’s PC.
Instagram
Google
Youtube
Facebook
Microsoft
Microsoft-edge
Jan-rub
Google-chrome
Direct-message
App-phone
Universal-video-downloader