Security Chrome Microsoft

3 Million Users Have Installed 28 Malicious Chrome or Edge Extensions, Says Avast (zdnet.com) 29

More than three million internet users are believed to have installed 15 Chrome and 13 Edge extensions that contain malicious code, reports ZDNet, citing an announcement from cybersecurity company Avast: Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains. "For every redirection to a third party domain, the cybercriminals would receive a payment," the company said.

Avast said it discovered the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues with being redirected to other sites. Jan Rubín, Malware Researcher at Avast, said they couldn't identify if the extensions had been created with malicious code from the beginning or if the code was added via an update when each extension passed a level of popularity. And many extensions did become very popular, with tens of thousands of installs. Most did so by posing as add-ons meant to help users download multimedia content from various social networks, such as Facebook, Instagram, Vimeo, or Spotify.

Avast said it reported its findings to both Google and Microsoft and that both companies are still investigating the extensions.

ZDNet's article includes Avast's lists of the 28 extensions which they're recommending be uninstalled by users.

ZDNet also notes that "A day after Avast published its findings, only three of the 15 Chrome extensions were removed, while all the Edge add-ons were still available for download. A source familiar with the investigation told ZDNet that Microsoft has not been able to confirm the Avast report."
  • by mnemotronic ( 586021 ) <mnemotronic@noSpaM.gmail.com> on Sunday December 20, 2020 @11:47AM (#60851074) Homepage Journal
    Shouldn't it be relatively easy to follow the money trail? Find out who's behind it?
    • Shouldn't it be relatively easy to follow the money trail? Find out who's behind it?

      I suspect it's a lot like spam, and you'll find there are a lot of different groups and individuals behind it.
      Everybody is trying to make a quick buck.

    • Like for the ransomware? Not easy to trace bitcoin operations.
  • The linked article actually lists the extensions. I am shocked.

    • It seems Google already removed these ext pages.
    • I'll just keep checking back here until somebody posts the list.

      Never click.

      • Below is the list of Chrome extensions that Avast said it found to contain malicious code: Direct Message for Instagram; DM for Instagram; Invisible mode for Instagram Direct Message; Downloader for Instagram; App Phone for Instagram; Stories for Instagram; Universal Video Downloader; Video Downloader for FaceBook™; Vimeo™ Video Downloader; Zoomer for Instagram and FaceBook; VK UnBlock. Works fast.; Odnoklassniki UnBlock. Works quickly.; Upload photo to Instagram™; Spotify Music Downloader; The New York T
        • Thanks!

          They almost got me with The Cat Pet Video Downloader for YouTube, I'm just lucky that I procrastinated.

  • crapware (Score:5, Interesting)

    by awwshit ( 6214476 ) on Sunday December 20, 2020 @11:59AM (#60851108)

    Avast only knows this because if you install it it harvests all possible data and sends it home. Avast knows what you are running and what you do, they can't wait to sell that info to anyone that will buy it. In this case, they gave you up for free. Hope you feel protected if you are running Avast, because you are indexed better than you are protected.

    • Avast only knows this because if you install it it harvests all possible data and sends it home. Avast knows what you are running and what you do, they can't wait to sell that info to anyone that will buy it. In this case, they gave you up for free. Hope you feel protected if you are running Avast, because you are indexed better than you are protected.

      Of course they are keeping track of everything the users have installed. That's actually how this works.

      • Re:crapware (Score:5, Informative)

        by awwshit ( 6214476 ) on Sunday December 20, 2020 @01:02PM (#60851260)

        Most tools like this use signatures and/or software methods for detection, they keep lists of your files locally and don't need to send them out. Most tools pull signatures in rather than sending the data out. Avast is backwards so that it can glean the most information possible, it's how they fund the product.

        How quick we are to forget:
        https://www.reuters.com/articl... [reuters.com]

    • Re: crapware (Score:5, Interesting)

      by satanicat ( 239025 ) on Sunday December 20, 2020 @12:31PM (#60851178)

      I was planning on responding with something more specific and less "angry andy"... my experience with avast isn't related to harvesting information, but perhaps you're right?

      A few years ago I had avast installed on an android device. Every week it would presumably scan the device and leave a notification that it had done so, urging me to click it for the report.

      The report did in fact have the desired message, but buried within a screen that looked almost identical to the google play store, loaded with app and game referral links.

      I left negative feedback and uninstalled the app. Avast did respond to my feedback saying they felt a free app they had a right to advertise with. I don't disagree with that, but I strongly disagree with the approach. I felt they were trying to protect my device from other apps from doing deceiving things while doing that themselves.

      • by tlhIngan ( 30335 )

        Unless the app somehow gets root access, there's no point to scanning because it can't.

        Think about it - Android by default prohibits an app from accessing another app's data. Otherwise it would violate data protections - if any app can access any data from any other app, then apps would literally steal everything - emails, texts, passwords, banking information, cryptocurrency wallets and such as part of the advertising system.

        Likewise, apps can't access other apps.

        All these things really do is catalog the i

        • Chrome and Edge are sandboxed, an extension does not have access to anything else on the PC just because the user has access. This is the same idea behind the Android feature you describe. Generally, evil extensions are limited to data and actions which they can do within the browser itself. There are exceptions though, from time to time a bug allows a sandbox escape, those are generally quickly patched.
  • The real question here is if this can be used to “justify” cutting enough permissions to stop ad blocking from cutting into Google's revenue stream. After all, it’s all in the name of “safety”.
    • The real question here is if this can be used to “justify” cutting enough permissions to stop ad blocking from cutting into Google's revenue stream. After all, it’s all in the name of “safety”.

      This kind of crap costs Google money. They are the ones paying out to the scammers, and the traffic those scam sites get isn't of any actual value to the users that accidentally visit them.
      This is not in Google's interest.

      • I’m referring to this [slashdot.org]. Of course it’s not related and this “hurts” users. That’s why this is titled “flimsy excuse”.
  • The only extensions I trust are Privacy Badger (because it's produced by the EFF) and uBlock Origin (because it has a long track record and is so high profile amongst the tech literate that we would find out very quickly if it was e.g. sold to a potential scammer etc.).

    I expect there are few other trustworthy extensions, maybe noscript etc.

    Otherwise, just do without. A little convenience is not worth the risk.

  • I wanted to install all 28, but my PC burst into flames :(

  • Does this mean that Avast now detects when users install Avast browser extensions?

    Avast is among the worst of the worst in AV/EDR.

    I'd consider choosing McAfee before choosing Avast.

    I'd consider shooting myself in the balls before choosing McAfee.

  • Maybe Google or some third party should make a Chrome/Chromium extension scanner that scans for malicious browser extensions, and removes them or disables them so you can take further action.
    • a) don't tempt me. b) I'm not sure how one can easily scan to determine if an extension is malicious just by looking at the source code. I mean, I could do it by white or black list of extension IDs, but I'm not sure that would be any better. If you have any ideas, I'm all ears.
      • I'm not sure how one can easily scan to determine if an extension is malicious just by looking at the source code.

        Especially if they don't install the malicious behavior until the fourth update, after everyone has relaxed their guard.

  • I did have one of these extensions installed; I removed it, and it does seem that connecting to URLs is now faster (and "innocent"?!). Note, the original article provided not just names of extensions but also links to their install/uninstall page -- which is good, too many names in the world of extensions are almost the same.
  • They will be malware free. We aren't just locking our systems down.
