According to Avast, these extensions affected 3 million users worldwide.
Google’s Chrome browser is the most used web browser in the world while Microsoft’s Edge browser is the least used one. Yet, it comes pre-installed on all Windows devices. As of 2020 1.2 billion Windows PCs in use worldwide meaning both browsers are lucrative targets for cybercriminals and the latest report from IT and software security firm Avast proves it.
The IT security researchers at Avast have discovered a vast network of malicious Chrome and Edge browser extensions, which are hijacking clicks to links in search results to display arbitrary URLs such as phishing websites and malicious ads.
This, according to researchers, proves that even those extensions that we install from official browser stores cannot be trusted.
“We usually trust that the extensions installed from official browser stores are safe. But that is not always the case as we recently found,” Avast researchers revealed.
See: DuckDuckGo study claims Google Incognito searches are not private
28 rogue extensions hijacking Google search results
Avast has dubbed the malicious extensions CacheFlow. There are 28 extensions identified to be malicious, including:
VK Unblock
Vimeo Video Downloader,
Video Downloader for Facebook,
Instagram Story Downloader.
Some of the affected countries include:
France
Ukraine
Brazil
Spain
Russia
Argentina
United States
However, acting quickly upon Avast’s report; Google and Microsoft took down all the backdoored browser extensions by Dec 18, 2020. In total, the extensions affected 3 million users worldwide.
