Up to 3 million devices infected by malware-laced Chrome and Edge add-ons
Security firm identifies 28 malicious extensions hosted by Google and Microsoft. …
reader comments
47 with 32 posters participating
As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday.
In all, researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware. The add-ons billed themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. At the time this post went live, some, but not all, of the malicious extensions remained available for download from Google and Microsoft.
Avast researchers found malicious code in the JavaScript-based extensions that allows them to download malware onto an infected computer. In a post, the researchers wrote:
Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit. User’s privacy is compromised by this procedure since a log of all clicks is being sent to these third party intermediary websites. The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate
Continue reading – Article source
Similar Posts: