dangerous malware spread in about thirty extensions, remove them quickly!
Edge and Chrome are victims of malware that can steal user data. Not surprisingly, the malware is able to determine the skill level of the user and will activate or not accordingly. The malware in question is spread through relatively popular extensions that sometimes promise to download YouTube videos and sometimes to send messages on Instagram.
Despite countless precautions by publishers, browsers are constantly being targeted by hackers of all persuasions. Especially when the attacked browser doesn’t have a heart, as with the Raccoon banking malware, hackers extensions found in different stores of these same browsers inject malicious code into their victims’ machines.
The ultimate threat is to both edge and Chrome, both have Chromium as their common source. Avast researchers have indeed discovered malware that spreads through relatively well-known extensions and often promises to help the user download videos from the Internet.
Malware learns user behavior before activating
Avast researchers have identified 28 Edge and Chrome extensions that are infected with a new type of malware. Malware is harmful in more ways than one. Once the machine is infected, the malware can sometimes show unwanted advertising (which is less bad), sometimes steal personal information (it’s more serious, you can imagine).
But one of the features of the malware is that it only activates after a few days. And during this time, he is not only super discreet, but also can analyze his victim’s behavior and skill level. For this, it uses its own history and determines whether it is a web developer or not.
Jan Voytesek, a security expert from Avast, explains that “the virus detects whether the user searches for one of their domains on Google or, for example, whether the user is a web developer. If so, then it won’t show any malicious activity in your browser. This avoids infecting people more experienced in web development, as they can more easily learn what extensions do behind the scenes.
Also Read: Windows 10 requires Microsoft’s new browser Edge to be installed
More than 3 million computers are infected with malware hidden in Chrome and Edge extensions
Avast first discovered this threat in November 2020, but believes it may have been active for years. According to Avast’s estimation, this would be the case more than 3 million computers will be affected in this way.
About thirty extensions are concerned. Here is the full list. If some of them are duplicated, this is completely normal, because they can appear in one of the two stores (Google Chrome or Microsoft Edge), or they can be twice in each of them.
- App phone for Instagram
- App phone for Instagram
- Direct Message for Instagram
- Direct Message for Instagram™
- DM for Instagram
- Downloader for Instagram
- Instagram App with Direct Message DM
- Download Instagram Video and Photo
- Invisible mode for Instagram Direct Message
- Unblock Odnoklassniki. It works fast.
- Pretty Kitty, Cat House
- SoundCloud music downloader
- Spotify music downloader
- Stories for Instagram
- Stories for Instagram
- The New York Times News
- Universal video downloader
- Universal video downloader
- Upload the photo to Instagram™
- Upload the photo to Instagram™
- Video Downloader for Facebook™
- Video Downloader for Facebook™
- Video downloader for YouTube
- Vimeo™ Video Downloader
- Vimeo™ Video Downloader
- Unblock VK. Work fast.
- Sound controller
- Zoomer for Instagram and Facebook
Note that at the time of writing this article, Microsoft and Google have removed all these extensions from their respective stores. But if you use one of them, only one password: delete them immediately. To do this, click the little puzzle icon in the top right corner of Chrome. Find the offending extension in the list that appears, then click it Other actionsand finally Remove from Chrome.
Under Edge, click the Settings and more icon at the top right, then select the Extensions feature. There you will find all the add-ons installed on your browser. Find what you are worried about and just click To delete.
