Security researchers have discovered 28 extensions for the Chrome and Edge web browsers that contain malicious code. It’s likely that the plug-ins could have infected more than three million people worldwide.
Cybersecurity firm Avast first discovered the extensions last month, with some believed to have been active since at least December 2018. Among the malicious activity that they carry out, some redirect user traffic to ads or phishing sites, some harvest personal or browsing data, and others download additional malware.
Of the 28 malicious extensions identified, 15 were available for the Chrome web browser, while 13 were Edge extensions. They covered a broad spectrum of services, from messaging platforms to music streaming, with many leveraging well-known brands like Spotify and the New York Times to convince users that the downloads are safe.
- Here's our list of the best VPN services right now
- Here's our list of the best malware removal software on the market
- We've built a list of the best ransomware removal tools out there
Malware for money
“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” Avast researcher Jan Rubin commented. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.”
Avast also added that it believes the primary goal of the plug-ins is financial, with cybercriminals receiving payment when the extension redirects a user to a third-party domain. Many of the extensions have proven extremely popular, boasting tens of thousands of installs, which could have resulted in some sizeable payments for the attackers.
Avast has passed on its list of malicious extensions to Google and Microsoft, with both companies currently carrying out their own investigations. In the meantime, any individual that has installed one of the plug-ins in question should remove it as soon as possible and run antivirus software on their device.
- Check out our list of the best antivirus services around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.