3 Million Users Have Installed 28 Malicious Chrome or Edge Extensions, Says Avast (zdnet.com)
More than three million internet users are believed to have installed 15 Chrome and 13 Edge extensions that contain malicious code, reports ZDNet, citing an announcement from cybersecurity company Avast:
Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains. "For every redirection to a third party domain, the cybercriminals would receive a payment," the company said.
Avast said it discovered the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues with being redirected to other sites. Jan Rubín, Malware Researcher at Avast, said they couldn't identify if the extensions had been created with malicious code from the beginning or if the code was added via an update when each extension passed a level of popularity. And many extensions did become very popular, with tens of thousands of installs. Most did so by posing as add-ons meant to help users download multimedia content from various social networks, such as Facebook, Instagram, Vimeo, or Spotify.
Avast said it reported its findings to both Google and Microsoft and that both companies are still investigating the extensions.
ZDNet's article includes Avast's lists of the 28 extensions which they're recommending be uninstalled by users.
ZDNet also notes that "A day after Avast published its findings, only three of the 15 Chrome extensions were removed, while all the Edge add-ons were still available for download. A source familiar with the investigation told ZDNet that Microsoft has not been able to confirm the Avast report."
Well? Follow the money (Score:4, Interesting)
Re: (Score:2)
Shouldn't it be relatively easy to follow the money trail? Find out who's behind it?
I suspect it's a lot like spam, and you'll find there are a lot of different groups and individuals behind it.
Everybody is trying to make a quick buck.
Re: (Score:2)
For once (Score:2)
The linked article actually lists the extensions. I am shocked.
Re: (Score:2)
Re: (Score:2)
I'll just keep checking back here until somebody posts the list.
Never click.
Re: For once (Score:2)
Re: (Score:2)
Thanks!
They almost got me with The Cat Pet Video Downloader for YouTube, I'm just lucky that I procrastinated.
crapware (Score:5, Interesting)
Avast only knows this because if you install it it harvests all possible data and sends it home. Avast knows what you are running and what you do, they can't wait to sell that info to anyone that will buy it. In this case, they gave you up for free. Hope you feel protected if you are running Avast, because you are indexed better than you are protected.
Re: (Score:1)
Avast only knows this because if you install it it harvests all possible data and sends it home. Avast knows what you are running and what you do, they can't wait to sell that info to anyone that will buy it. In this case, they gave you up for free. Hope you feel protected if you are running Avast, because you are indexed better than you are protected.
Of course they are keeping track of everything the users have installed. That's actually how this works.
Re:crapware (Score:5, Informative)
Most tools like this use signatures and/or software methods for detection; they keep lists of your files locally and don't need to send them out. Most tools pull signatures in rather than sending the data out. Avast is backwards so that it can glean the most information possible; it's how they fund the product.
How quick we are to forget:
https://www.reuters.com/articl... [reuters.com]
Re: crapware (Score:5, Interesting)
I was planning on responding with something more specific and less "angry andy"... my experience with Avast isn't related to harvesting information, but perhaps you're right?
A few years ago I had Avast installed on an Android device. Every week it would presumably scan the device and leave a notification that it had done so, urging me to click it for the report.
The report did in fact have the desired message, but buried within a screen that looked almost identical to the Google Play Store, loaded with app and game referral links.
I left negative feedback and uninstalled the app. Avast did respond to my feedback, saying they felt that with a free app they had a right to advertise. I don't disagree with that, but I strongly disagree with the approach. I felt they were trying to protect my device from other apps doing deceiving things while doing that themselves.
Re: (Score:2)
Unless the app somehow gets root access, there's no point to scanning because it can't.
Think about it - Android by default prohibits an app from accessing another app's data. Otherwise it would violate data protections - if any app can access any data from any other app, then apps would literally steal everything - emails, texts, passwords, banking information, cryptocurrency wallets and such as part of the advertising system.
Likewise, apps can't access other apps.
All these things really do is catalog the i
Re: (Score:2)
Flimsy excuse (Score:2)
Re: (Score:2)
The real question here is if this can be used to “justify” cutting enough permissions to stop ad blocking from cutting into Google's revenue stream. After all, it’s all in the name of “safety”.
This kind of crap costs Google money. They are the ones paying out to the scammers, and the traffic those scam sites get isn't of any actual value to the users that accidentally visit them.
This is not in Google's interest.
Re: (Score:2)
Well it could be worse. (Score:3)
I only trust two extensions (Score:1)
The only extensions I trust are Privacy Badger (because it's produced by the EFF) and uBlock Origin (because it has a long track record and is so high profile amongst the tech literate that we would find out very quickly if it was e.g. sold to a potential scammer etc.).
I expect there are few other trustworthy extensions, maybe noscript etc.
Otherwise, just do without. A little convenience is not worth the risk.
Re: (Score:1)
'few'-->'a few'
I stopped installing them after the first 10 (Score:2)
I wanted to install all 28, but my PC burst into flames :(
Does This Mean (Score:1)
Does this mean that Avast now detects when users install Avast browser extensions?
Avast is among the worst of the worst in AV/EDR.
I'd consider choosing McAfee before choosing Avast.
I'd consider shooting myself in the balls before choosing McAfee.
this is becoming a regular problem (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm not sure how one can easily scan to determine if an extension is malicious just by looking at the source code.
Especially if they don't install the malicious behavior until the fourth update, after everyone has relaxed their guard.
Useful. (Score:2)
Use our fancy store (Score:2)