Millions of Users Downloaded 28 Malicious Chrome and Edge Extensions

Malware hidden in 28 third-party extensions for Google Chrome and Microsoft Edge redirects users to ads or phishing sites, Avast warned this week.


Distributed through official app stores, the extensions appear to have been downloaded by approximately 3 million people.


The extensions were apparently designed to help users download videos from some of the most popular platforms out there, including Facebook, Vimeo, Instagram, VK, and others.


Code identified in these JavaScript-based extensions was meant to allow for the download of additional malware onto users’ computers.


Additionally, these extensions were designed to redirect users to other websites. As soon as the user clicks a link, information about the action is sent to the attacker’s control server, which can respond with a command to redirect the user to a hijacked URL before redirecting them again to the site they wanted to visit.
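The click, detour, then intended-site pattern described above can be looked for in navigation records. The following is an added example, not code from Avast or from the extensions; the record shape (`clicked`, `hops`), the function names and the `.example` hosts are assumptions constructed for illustration.

```javascript
// Constructed sample data: one record per link click, listing the URLs the
// browser actually loaded afterwards, in order. Field names are assumed.
const sampleClicks = [
  { clicked: "https://video.example/watch?v=1",            // direct load
    hops: ["https://video.example/watch?v=1"] },
  { clicked: "http://video.example/a",                     // https/www upgrade
    hops: ["http://video.example/a", "https://www.video.example/a"] },
  { clicked: "https://shop.example/item/7",                // site-initiated login bounce
    hops: ["https://shop.example/item/7",
           "https://login.sso.example/auth",
           "https://shop.example/item/7"] },
  { clicked: "https://shop.example/item/7",                // third party loaded first
    hops: ["https://track.redirector.example/r?u=shop",
           "https://shop.example/item/7?aff=123"] },
];

// Naive "site" key: the last two host labels. This is a simplification;
// a production tool would consult the Public Suffix List instead.
function site(url) {
  return new URL(url).hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Flag clicks where the first URL loaded belongs to a different site than
// the link the user clicked, yet the chain still ends on the clicked site.
// Redirects that start on the clicked site (login bounces, https upgrades)
// are not flagged, because the site itself initiated them.
function findDetours(clicks) {
  const findings = [];
  for (const { clicked, hops } of clicks) {
    if (!Array.isArray(hops) || hops.length < 2) continue;
    let target, first, last;
    try {
      target = site(clicked);
      first = site(hops[0]);
      last = site(hops[hops.length - 1]);
    } catch {
      continue; // skip records with malformed URLs
    }
    if (first !== target && last === target) {
      findings.push({ clicked, via: new URL(hops[0]).hostname,
                      landed: hops[hops.length - 1] });
    }
  }
  return findings;
}
```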


In addition to getting a log of all user clicks in the browser, the attackers can exfiltrate personal and other types of information from the infected machines, including birth dates and email addresses, along with device data such as login times, device name, operating system, browser, and IP addresses.


Avast believes that the operation is aimed at monetizing traffic, with the attackers receiving payment each time a redirection to a third-party domain occurs. Additionally, the extensions redirect to ads or phishing sites.


The operation appears to have been active for years without being discovered. Mentions of the hijacks have been observed as early as December 2018.


According to Jan Rubín, malware researcher at Avast, the extensions might have been built with the malware inside right from the start, or could have gotten the code in an update, after the extensions gained popularity.


“The extensions’ backdoors ..
