According to Avast’s threat intelligence researchers, many third-party browser extensions for services like Facebook, Instagram, and Vimeo have been infected with a specific type of malware. The team could spot the said malware in more than 28 extensions for Google Chrome and Microsoft Edge.
Malware-ridden web browser extensions on the rise
Avast also found that the malware functions by redirecting users’ traffic to malicious sites, including phishing sites that could potentially steal credentials from the user.
That the extensions are associated with popular platforms like Facebook and Instagram make them more capable of targeting vulnerable users. Most of these apps are designed to help users download videos from popular sites like Facebook and Video.
Because this is a popular category of extensions, Avast believes that no less than three million users have installed these malicious extensions on their browsers.
Because the extensions are made for browsers and not specific Operating Systems, they have a better chance of infecting more people. Users who reported about the malicious extensions had talked about their internet experience becoming manipulated.
Users were sent to strange URLs and phishing pages when they clicked on normal-looking links. The threat actors behind the malware are also known to collect the users’ info during this period. This data, further sold to tech support scammers and other threat actors, can affect a person’s overall digital life.
Avast believes that the threat actors are getting paid for each user they redirect to a malicious website.
Avast has also published a list of the malicious extensions, which you should uninstall immediately. The threat was found in November 2020 but believes that the scam should have been running for an extended period.