While we all like to use browser extensions, not all of them are as safe as they are made out to be. In recent times it seems almost 30 that are malicious have been brought into the light and many people already have them downloaded.
According to Tech Times, Google as well as Microsoft art currently investigating 28 malicious extensions that were uncovered by Avast. These are extensions that could be malware in disguise, basically. I know, that might sound scary but knowing about this kind of thing is important and from here we can work to better protect ourselves.
Business Insider wrote as follows on this topic:
Immensely popular and innocently disguised Facebook, Vimeo and Instagram extensions on your web browser may actually be malware, according to the internet security provider Avast. Especially if you’re a part of the majority using Google Chrome.
The malware is affecting around three million people around the world as per install numbers and can ‘hijack’ your URL. It means that the extension can track every time you click on a new link and alert the hacker. The hacker then has the option to redirect you to a new URL of his choosing, rather than sending you to your real destination.
The malware is affecting around three million people around the world as per install numbers and can ‘hijack’ your URL. It means that the extension can track every time you click on a new link and alert the hacker. The hacker then has the option to redirect you to a new URL of his choosing, rather than sending you to your real destination.
And, as with most crimes, there’s a monetary motive at play. Redirecting user traffic to ads and phishing sites by the millions can yield a pretty steady income stream. “For every redirection to a third party domain, the cybercriminals would receive a payment,” said the report by Avast Threat Intelligence.
Malware extensions are tracking everything you do online
Even though the end goal is getting more revenue off of ads, the malicious extensions on Google Chrome and Edge are capable of collecting data as well.
According to Avast, these extensions can collect personal data like birth dates, email addresses, and device information. This includes even the most minute details like first sign-in time, last login time, name of the device, operating system, used browser, and its version, and even IP addresses.
The more information these malware extensions are able to get, the less secure you are. So much can be learned through the things we do online and the things we enter into our computers overall, this we need to be aware of and be careful about. These extensions are something we’ve only become aware of within about a month or two and some of them have been present according to Business Insider since 2018.
That for those wondering means people have been sharing their information without realizing it for literal years. While we do not yet know where these extensions originated, we do know that they seem to have been created to be malicious or became malicious after becoming popular. Things like this really bring to light how dangerous the things we do online can be and how careful we need to be about the things we download.
Tech Times lists the extensions affected as follows (some are the same names but on Edge/Chrome):
App Phone for Instagram
App Phone for Instagram
DM for Instagram
Direct Message For Instagram™
Direct Message For Instagram
Invisible mode for Instagram Direct Message
Downloader for Instagram
Instagram Download Video & Image
Instagram App with Direct Message DM
Stories for Instagram
Stories For Instagram
Upload Photo to Instagram™
Upload Photo to Instagram™
Universal Video Downloader
Universal Video Downloader
Video Downloader for FaceBook™
Video Downloader for Facebook™
Vimeo™ Video Downloader
Vimeo™ Video Downloader
Volume Controller
VK UnBlock. Works Fast.
Odnoklassniki UnBlock. Works quickly
Spotify Music Downloader
Pretty Kitty, The Cat Pet
Video Downloader for YouTube
SoundCloud Music Downloader
The New York Times
Take a look through the things you have installed and make sure you’re not being affected by this at the moment.