The most popular Internet platforms are third-party extensions that allow you to do certain things in social networks, but these can cause malicious software and must be uninstalled.
The extensions that we use in browsers will make us useful, there are even times that are fun, but also dangerous.
This is the case of a total of 28 extensions that have been analyzed by researchers of the antivirus software Avast Threat Intelligence after other researchers of Czech origin identified a threat. The extensions that are affected range from Video Downloader for Facebook, to Instagram Story Downloader, passing through Vimeo Video Downloader, VK Unblock among other additional extensions that can be included in Google Chrome or Microsoft Edge. More than 3 million people may have been affected worldwide according to data from the number of downloads in the store.
According to Avast researcher Jan Rubin, the most widely considered hypothesis is that these extensions were deliberately created with embedded malware, or the author waited for those extensions to become popular and releases an update that contains malware. Another option that is possible is that the author sold the extensions to someone else and that someone else introduced the malware.
These infected extensions are based on Javascript to contain all that code that is malicious and that makes it possible to download more malware onto a person’s computer. It is also possible to manipulate the links that the victims will click after downloading and installing the extensions. A good example is the links to Google search that will lead those users to sites that are theoretically random, although, in reality, they are not. This might include all kinds of advertisements or phishing sites.
It is possible that the domains are not owned by these cybercriminals, but rather these domain owners pay these cybercriminals for each of the redirects that are produced.
When a person clicks on the links, together with the extensions that can send certain information to the server controlled by the attacker himself, the record of all the clicks is created. After registration it can be sent to other people’s web pages and can be used to collect the necessary personal information, this information includes the date of birth, device information, email addresses, time of first start session, last login time, operating system, browser, device name, version or OP address.
The entire Avast team was in charge of monitoring this threat during November 2020, but it may have been active for several years without anyone noticing. There are many reviews on the Chrome Web Store that are going to mention all this hijacking of the links since December 2018. This means that the devices may have been infected for longer than previously thought.
After publication, those extensions that are infected are available for download. So if you suspect that you have to weed any of these extensions, the researchers recommend disabling and uninstalling them quickly, then searching for and removing any malware that may be inside the device. Furthermore, Microsoft and Google have been informed about this problem by researchers. These people have confirmed those claims regarding a data breach, and there is no evidence whatsoever for all of this. But it won’t be uncommon for tech companies to take time out before such data breaches.
