If you use Chrome or Edge extensions to download videos from, for example, Facebook, Instagram and Vimeo in your web browser, you should uninstall the add-ons for security reasons and check your computer with a virus scanner.
As Avast security researchers write in a post, they have come across at least 28 third-party extensions for Chrome and Edge that are contaminated with malicious code. These are to be used by a total of 3 million users.
A list of the affected add-ons can be seen in the article. This includes, for example, “Downloader for Instagram”, “Spotify Music Downloader” and “The New York Times News”.
Avast claims to have informed Google and Microsoft about the problem. They now want to take a closer look at the add-ons. A random sample from heise Security showed that many of the extensions are still online.
Several malicious functions
According to the security researchers, the malicious code directs add-on users to phishing and advertising websites. In addition, the code should be able to record personal data such as IP addresses. The researchers assume that the makers of the infected extensions collect rewards through the website redirects. What exactly happens to the personal data is so far unclear.
The researchers do not currently know how and when the malicious code was implemented. The code could have been active for a long time. This is indicated by user comments about redirects from December 2018.
The code should be well hidden in the add-ons. It also analyzes user behavior to a certain extent. If this suggests that the victim is an experienced web developer, no malicious functions are started to avoid detection.