Tasken
Avast experts found malware hidden in at least 28 third-party extensions for Google Chrome and Microsoft Edge. All these extensions were associated with popular platforms: for Google Chrome, these are Video Downloader for Facebook, Vimeo Video Downloader, Instagram Downloader Story, and Unblock VK, and the experts' list also includes several extensions for Microsoft Edge.
The malware found allows the extensions to download additional malware to the user's computer, redirect victims' traffic to advertising or phishing sites, and steal personal data (for example, dates of birth, email addresses) and information about active devices.
Given the number of downloads of these extensions in app stores, approximately 3,000,000 people could have been affected worldwide.
Users also complain that these extensions interfere with their work on the network and redirect them to other sites. Each time the user clicks on a link, the extensions send information about this action to the hackers' command server. Next, the attacker can issue a command to redirect the person from the real link to a new, malicious URL, and only then send them to the site they originally planned to visit.
All this threatens the privacy of users, since the log of all clicks is transmitted to third-party intermediary sites. Hackers also extract and collect dates of birth, email addresses and device information, including the time of the first and last login, the device name, the operating system, the browser used and its version, and even IP addresses (which can be used to determine the geographical location of the victim).
Avast researchers believe that the goal of this campaign is primarily to monetize traffic: for each redirect to a third-party domain, cybercriminals receive a payment. Extensions can also redirect users to advertising or phishing sites.
The Avast Threat Intelligence team began investigating this threat in November 2020, but believes that it could have existed for years without anyone noticing it. The Chrome store has user reviews that mention link hijacking, and they are dated December 2018.
At the moment, all infected extensions are still available for download. Avast contacted the Microsoft and Google Chrome teams and reported the findings. Both Microsoft and Google have confirmed that they are currently investigating the issue. In the meantime, Avast recommends that users disable or remove extensions until the problem is resolved, and then scan the PC and remove malware if it is found.
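To act on the advice to disable or remove the extensions, the following added example (not part of the original post or of Avast's report) audits a Chrome or Edge profile's `Extensions` directory and flags installed extensions whose display name matches one named above. It assumes the standard on-disk layout `Extensions/<id>/<version>/manifest.json`; matching is by name only, since the post gives no extension IDs.

```python
import json
import sys
from pathlib import Path

# Names copied from the post above (lower-cased). The post lists no
# extension IDs, so a name match is a lead to review, not proof.
FLAGGED_NAMES = {
    "video downloader for facebook",
    "vimeo video downloader",
    "instagram downloader story",
    "unblock vk",
}

def display_name(version_dir: Path) -> str:
    """Return the extension's display name, resolving __MSG_key__ placeholders."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        msgs_path = version_dir / "_locales" / locale / "messages.json"
        try:
            msgs = json.loads(msgs_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # unresolved placeholder; shown as-is for manual review
        for k, v in msgs.items():  # i18n message keys are case-insensitive
            if k.lower() == key and isinstance(v, dict):
                return v.get("message", name)
    return name

def audit_extensions(extensions_dir: Path):
    """Return [(extension_id, version, name, flagged)] for every installed extension."""
    results = []
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            name = display_name(version_dir)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        flagged = name.strip().lower() in FLAGGED_NAMES
        results.append((version_dir.parent.name, version_dir.name, name, flagged))
    return results

if __name__ == "__main__":
    # Usage: python audit.py <path to the profile's Extensions directory>
    for ext_id, version, name, flagged in audit_extensions(Path(sys.argv[1])):
        print(("FLAGGED " if flagged else "ok      ") + f"{ext_id} {version} {name}")
```

Run it once per browser profile; an extension that resolves to an unreadable `__MSG_...__` placeholder should be checked by hand in the browser's extensions page.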