Researchers from Avast report that around 3 million Google Chrome and Microsoft Edge users may have been infected with malware that is hidden in browser extensions.
Once infected, your browser can redirect you to ads or phishing sites that can steal a wide range of personal data, including:
- Active devices
- Birth dates
- Email addresses
The extensions affected by the malware include:
- Instagram Story Downloader
- Video Downloader for Facebook
- VK Unblock
- Vimeo Video Downloader
The researchers have been aware of the malicious code since November, but it may have been active for years.
The infected extensions allow an attacker to hijack the URL and then redirect the victim to a fraudulent website before redirecting them back to the legitimate one in order to conceal the attack.
During the process, sensitive user data gets collected, including:
- IP address
- Operating system
- Email addresses
- Browser used
- Device information
Jan Rubin, a malware researcher at Avast, suspects that these problematic extensions were created with the intention of making them popular, but then the developers pushed an update containing malware at some point.
Another theory is that the author of these extensions had legitimate intentions initially, but then sold them to someone who introduced the malware.
Austin Merritt, a cyber threat analyst at Digital Shadows, added that a major red flag is when threat actors lure users into downloading browser extensions.
As Google Chrome has a 70% share of the browser market, malware is becoming an ever more apparent problem.
In June 2020, Google had to remove 106 Chrome extensions that were found to be collecting sensitive user data in secrecy.
It is a good practice to be on your guard and uninstall extensions that are either suspicious or that you no longer use.