These 28 extensions for Chrome and Microsoft Edge have infected about 3 million users with malware



Avast security researchers have identified at least 28 extensions for Google Chrome and Microsoft Edge, available in their respective stores, that contain malware hidden in their code.



The malicious software is designed to redirect user traffic to ad or phishing websites in order to steal the user's personal data, such as dates of birth, email address, operating system, browser, active devices, session start time, and even IP address.



3 million installations





[Image: One of the extensions with hidden malware]



According to the Chrome Web Store and Edge Add-on Store numbers, the extensions were downloaded by at least three million users worldwide. Most of the extensions are for downloading videos from social networks like Facebook, Instagram or Vimeo.



These extensions contain malicious JavaScript code that allows additional malware to be downloaded onto the user's computer. In addition, each time a user with the extension installed clicks on any link, the extension sends the click information to the attacker's server, and can optionally run a command that redirects the victim to a new, compromised URL before sending them on to the site they wanted to visit.












The researchers explain that extensions of this type are difficult to detect because they "hide themselves very well", and do not show malicious behavior until days after their installation.








In addition, the malware inside the extensions detects whether the user is searching Google for one of its domains, or whether the user is a web developer. In those cases it performs no malicious activity in the browser, to avoid infecting less naive people.





[Image: Another extension in the Microsoft Edge store]



At the time of publication, the extensions are still available. Avast claims to have contacted Microsoft and Google to report them, and both companies say they are investigating the problem. If you have installed any of these extensions, the recommendation is to remove them and scan your system with an antivirus.



List of compromised extensions:



  • Direct Message for Instagram


  • Direct Message for Instagram ™


  • DM for Instagram


  • Invisible mode for Instagram Direct Message


  • Downloader for Instagram


  • Instagram Download Video & Image


  • App Phone for Instagram


  • App Phone for Instagram


  • Stories for Instagram


  • Universal Video Downloader


  • Universal Video Downloader


  • Video Downloader for FaceBook ™


  • Video Downloader for FaceBook ™


  • Vimeo ™ Video Downloader


  • Vimeo ™ Video Downloader


  • Volume Controller


  • Zoomer for Instagram and FaceBook


  • VK UnBlock. Works fast.


  • Odnoklassniki UnBlock. Works quickly.


  • Upload photo to Instagram ™


  • Spotify Music Downloader


  • Stories for Instagram


  • Upload photo to Instagram ™


  • Pretty Kitty, The Cat Pet


  • Video Downloader for YouTube


  • SoundCloud Music Downloader


  • The New York Times News


  • Instagram App with Direct Message DM
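
To check a machine against the list above, the following added example (not Avast's tooling and not part of the original article) walks a Chrome or Edge "User Data" directory and reports installed extensions whose name matches a listed one. It assumes the standard Chromium profile layout and matches by display name only, because the article gives no extension IDs, so a hit is a prompt to review and remove the extension rather than proof of infection.

```python
import json, re
from pathlib import Path

# Names from the article's list, duplicates collapsed.
FLAGGED = (
    "Direct Message for Instagram|DM for Instagram|Downloader for Instagram|"
    "Invisible mode for Instagram Direct Message|Instagram Download Video & Image|"
    "App Phone for Instagram|Stories for Instagram|Universal Video Downloader|"
    "Video Downloader for FaceBook ™|Vimeo ™ Video Downloader|Volume Controller|"
    "Zoomer for Instagram and FaceBook|VK UnBlock. Works fast.|"
    "Odnoklassniki UnBlock. Works quickly.|Upload photo to Instagram ™|"
    "Spotify Music Downloader|Pretty Kitty, The Cat Pet|Video Downloader for YouTube|"
    "SoundCloud Music Downloader|The New York Times News|"
    "Instagram App with Direct Message DM"
).split("|")

def norm(name):
    """Lower-case and collapse ™/punctuation so store-name variants compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

FLAGGED_NORM = {norm(n) for n in FLAGGED}

def load(path):
    return json.loads(path.read_text(encoding="utf-8-sig"))

def display_name(ext_dir):
    """Read the name from manifest.json, resolving a localized __MSG_key__ placeholder."""
    manifest = load(ext_dir / "manifest.json")
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:  # the real name is in _locales/<default_locale>/messages.json
        locale = manifest.get("default_locale", "en")
        msgs = load(ext_dir / "_locales" / locale / "messages.json")
        msgs = {k.lower(): v for k, v in msgs.items()}  # message keys are case-insensitive
        name = msgs[m.group(1).lower()]["message"]
    return str(name)

def audit(user_data_dir):
    """Return sorted (profile, extension_id, name) for installed extensions on the list."""
    hits = set()
    # Assumed layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for mf in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        try:
            name = display_name(mf.parent)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # unreadable or malformed manifest: skip it, keep auditing
        if norm(name) in FLAGGED_NORM:
            hits.add((mf.parents[3].name, mf.parents[1].name, name))
    return sorted(hits)
```

Call `audit()` with the browser's "User Data" directory, whose location varies by operating system and browser; each returned tuple gives the profile, the extension ID to look up on the browser's extensions page, and the matched name.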