Malicious Extensions — Data At Stake

2 min read · Dec 18, 2020

Over 30 lakh users worldwide affected by third-party extensions for Google Chrome and Microsoft Edge

The Threat Intelligence team at Avast Security identified malware in around 28 third-party extensions for Google Chrome and Microsoft Edge, which may have affected 30 lakh people across the world. The extensions were associated with popular platforms such as Instagram and Facebook.

The extensions could redirect users' traffic to phishing sites and ads and thereby steal their private and personal information. Statistics from the app stores show more than 30 lakh downloads, and those users were likely affected.

Avast added on Wednesday that the extensions, which help users download videos from those platforms, include Video Downloader used by Facebook, Vimeo Video Downloader, and similar video downloaders such as Instagram Story Downloader, with various extensions on Google Chrome and some others on Microsoft Edge. It advised its users to either uninstall or at least disable the extensions for the time being.

The malicious extensions are still available for download on the platforms.

Avast said it has contacted the teams of both browsers and reported the extensions to them, seeking confirmation and assurance that action will be taken.

Reports from the Avast team revealed that the extensions contained malicious JavaScript-based code capable of making the browser download further malicious content.

Avast malware researcher Jan Rubin said their hypothesis was that either the extensions were created deliberately with the malware built in, or the author pushed it as an update after the extensions had become popular enough. He added that there is also a chance the author sold them to someone else, who then introduced malware into the extensions.

As expected, there have been reports from users about being redirected to other undesired pages and about their internet actions being manipulated.

Though the Threat Intelligence team of Avast has initiated action against this, it is equally likely that the extensions have been active for years without being noticed.

Rubin further added that the Chrome Web Store has reviews that date back to December 2018 about link hijacking.
