top of page
  • Writer's pictureMEYO

Browser extensions, video downloaders found infected with viruses... ALERT !!!

Several browser extensions for Google Chrome and Microsoft Edge browser have found to be infected with malware that can steal your information.


  • Avast has said multiple browser extensions are infected with malware.

  • Google Chrome and Microsoft Edge extensions can redirect users to phishing websites.

  • These phishing websites can steal user data and monetise traffic.

If you use the Google Chrome or Microsoft Edge browsers, you probably have browser extensions installed to help you with some nifty things, like downloading a video from Facebook or directing someone on Instagram. These extensions, up to 28, have now been identified as infected with malware that redirects users to insecure websites and steals personal data such as email addresses, contact numbers, and even bank card information. The security firm Avast has pointed out in its report that around three million people may have been affected by these malicious extensions.

Extensions are generally installed to accomplish some cumbersome tasks. For example, downloading a video from YouTube or Facebook or accessing a mobile application in a browser. Avast has listed several such extensions that are allegedly infected with malware, including Video Downloader for Facebook, Vimeo Video Downloader,

Instagram Story Downloader, and VK Unblock. Users don’t pay much attention before downloading these extensions, which are a haven for injecting harmful code that can download malware onto the device.

These 28 extensions have been found to contain malicious JavaScript that can easily invite malware. All the user has to do is click a link, after which the extension sends information about the click to the attacker’s server. The attacker can choose to inject a command that redirects the user to a phishing website using a hijacked URL before redirecting them again, but now to the actual website the user wanted to visit. This process compromises the privacy of the user and makes their data prone to theft.

“The actors also extract and collect the user’s dates of birth, email addresses, and device information, including initial login time, previous login time, device name, operating system , the browser used and its version, even used to find the approximate geographical location history of the user), ”Avast said in a press release.

According to the security firm, the basic purpose of this activity is to monetize the traffic of different users. Every redirect activity to a third-party domain causes cybercriminals to get paid. The activity of redirecting users also benefits phishing websites because they can collect information from the user without their consent and use that information in unimaginable ways.

“Our hypothesis is that the extensions were deliberately built with the malware embedded, or the author waited for the extensions to become popular and then released an update that contained the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterward, ”said Jan Rubin, malware researcher at Avast.

These browser extensions, available in both Google Chrome and the Microsoft Edge browser, began to be monitored in November of this year, but Avast researchers believe that the threats in them may have been active for years without anyone noticing. Researchers have cited reviews that some users left in the lists of these extensions in the Google Chrome Web Store that mention link hijacking activities since December 2018. The reason that could have happened is, says Rubín, the capacity of these extensions to hide rear doors. These extensions “only start to show malicious behavior days after installation, making it difficult for any security software to discover.”

All the browser extensions mentioned by Avast in the report are still available for download on Google Chrome and Microsoft Edge browsers. Avast has said it has contacted both Google and Microsoft to report the threat, to which both companies have said they are “currently investigating the problem.” Until these extensions are removed from both browser stores, Avast advises users to disable or uninstall these extensions and run a virus scan on their systems.

Ref: Light home.


bottom of page