Threat researchers have discovered (avast) Avast, A company known for digital security and privacy products, infects massive numbers of malware infections to people all over the world.
Researchers say: About 3 million people worldwide are infected with malware via extensions to third-party browsers for services, such as: Instagram, Facebook, Vimeo, and others.
Avast researchers say: The malware is hidden in at least 28 extensions from Google’s Chrome browser, and Microsoft’s Edge from third-parties, associated with the most common platforms on the Internet.
Showed Research shows that malware is able to redirect user traffic to ads or phishing sites. Malware can also steal personal data, such as birthdays, email addresses, and active devices.
The extensions claim to help users download videos from sources, which include: Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock, and other extensions for Chrome and Edge.
Users infected with these harmful plugins have also reported that the extensions can redirect them to other websites. When users click on the rap, the extension sends information of what users click on to the attacker’s control server. This server can send a command to redirect the victim from the real link to the hacked URL before redirecting them to the website they want to visit.
This allows hackers to log all clicks that are sent to intermediary third-party websites. Threat representatives can also collect data, including: login time, device name, operating system, browser, IP addresses as well as personal data.
Avast researchers believe that hackers who run malicious extensions want to monetize your traffic. And every time communications are redirected to a third-party domain, the criminals get paid.
Researchers warn that malware can disguise itself to avoid detection and removal. Avast says: At the time of writing this report, extensions are still available for download, but Google and Microsoft have been contacted. A full list of harmful plugins can be found Here.