More than three million online users have downloaded 28 malicious Chrome and Edge browser extensions that could be injurious to their internet experiences and personal lives. Avast, a cybersecurity company, reported that the 15 malicious Chrome extensions and 13 harmful Edge extensions are still available for downloads.
Chrome is owned by Google and Edge is a browser owned by Microsoft. Avast said that over three million users have the browser extensions installed on their phones. The security firm announced that the extensions have malicious codes that are used to access users’ private information.
The browser extensions direct users to ads or download infected operations and malware that users have no control over. The extensions also direct users to phishing sites, according to Avast. The security firm also stated that the extensions contain codes that could be used to carry out malicious intentions. It stated, however, that the extensions were only being used for profit-making.
“Every time a user is redirected to a third party website, the people behind the extensions would be given a token,” Avast stated.
Avast stated that it got to know about the extensions last month, but that the extensions may have been available since 2018. The security company stated that it was towards the end of 2018 that users started reporting having problems with the browsers. The users who complained stated that they were being redirected to other sites.
Jan Rubin, an Avast Malware Researcher, explained that it was still unclear if the malicious codes were added to the extensions from the onset or if they were added much later as an update. Rubin stated that the codes could have been added much later after the extensions gained some element of popularity amongst users.
Many of the popular extensions became popular by tricking social media users by advertising that the extensions can be used to download media contents such as videos and pictures from different social media platforms, especially Facebook, Instagram, and Spotify.
Avast also stated that it has informed both Google and Microsoft about the browser extensions. According to Avast, the tech giants have commenced investigations into the extensions. Microsoft has also confirmed that it has commenced investigations into the 13 browser extensions available on Edge. Google, on the other hand, has not made any comments on Avast’s report about the extensions.
Three of the 15 Chrome extensions have subsequently been removed and are no longer available for download but all 13 extensions on Edge are still available for download at the time of writing this report. According to reports, Microsoft has not made any changes because it has been unable to verify Avast’s claims. The security firm however cautions users to take the safe path by deleting the 28 extensions before the tech companies complete their investigations.