Malicious Chrome & Edge Extensions Installs Over 3 Million Store

Czech Internet security giant Avast found out on December 16th that around 3 million people all over the world have been infected with malware spread through third-party browser extensions for Instagram, Facebook, and Vimeo among others.

As of now Google Chrome and Microsoft Edge appear to be the affected browser. Google and Microsoft are extensively investigating the issue, but the 28 fake extensions continue to be available on the Chrome Web-Store and Microsoft Edge Add-on portals. As of now, 15 of these malicious extensions reside on Google Chrome and 13 on Microsoft Edge.

How does the malware work?

The malware works by hijacking the URL. So every time you click on a new link, the hacker tracks your every movement. Then the hacker automatically re-directs you to a new URL of his liking instead of to the one you chose to go to.

The incentive here is purely monetary as redirecting users to ads and phishing sites would yield a steady stream of incoming considering the horde of innocent users being re-directed.

Risk of data leaks

The malwares are not limited to just generating ad revenue, as they are capable of collecting user data as well. It has been reported that these fake extensions are capable of collecting the user’s date of birth, email address, device information, first sign in time, latest login time, browser used and even the IP address. These data points once put together have the potential to reveal a user’s geographical location.

Though these fake extensions were only recently discovered, some of them have been rampant since December 2018. It is believed that the attackers wait for the extension to become popular and then introduce the malware via an update. It is also possible that the original extension developer could have sold it to someone else, and subsequently they could have introduced the malware.

List of extensions affected on Google chrome and Microsoft Edge:

  1. Direct Message for Instagram
  2. Direct Message for Instagram™
  3. DM for Instagram
  4. Invisible mode for Instagram Direct Message
  5. Downloader for Instagram
  6. Instagram Download Video & Image
  7. App Phone for Instagram
  8. App Phone for Instagram
  9. Stories for Instagram
  10. Universal Video Downloader
  11. Universal Video Downloader
  12. Video Downloader for FaceBook™
  13. Video Downloader for FaceBook™
  14. Vimeo™ Video Downloader
  15. Vimeo™ Video Downloader
  16. Volume Controller
  17. Zoomer for Instagram and FaceBook
  18. VK UnBlock. Works fast.
  19. Odnoklassniki UnBlock. Works quickly.
  20. Upload photo to Instagram™
  21. Spotify Music Downloader
  22. Stories for Instagram
  23. Upload photo to Instagram™
  24. Pretty Kitty, The Cat Pet
  25. Video Downloader for YouTube
  26. SoundCloud Music Downloader
  27. The New York Times News
  28. Instagram App with Direct Message DM

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

10 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

13 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago