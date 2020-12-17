Malware hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions may have affected around 3 million people worldwide, claim threat intelligence researchers at security firm Avast.

The infected extensions are associated with some of the world's most popular platforms including Video Downloader for Facebook, Vimeo Video Downloader, Direct Message for Instagram, Instagram Story Downloader, VK Unblock, and other browser extensions on Google Chrome Browser, and some on Microsoft Edge Browser.

According to the researchers, the malware has the functionality to manipulate the internet experience and redirect user's traffic to ads or phishing sites and to steal people's personal data, such as birth dates, email addresses, and active devices. Anytime a user clicks on a link, the extensions send information about the click to the attacker's control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit.

"The malware has been quite difficult to detect since it has the ability to "hide itself". It avoids infecting people more skilled in web development since they could more easily find out what the extensions are doing in the background," said Jan Vojtesek, Avast malware researcher.

Avast researchers discovered the threat in November 2020 but they believe that it could have been active for years without anyone noticing. They believe the objective behind this is to monetize the traffic itself.

The security firm noted that the infected extensions are still available for download and both Microsoft and Google are currently looking into the issue. Avast threat intelligence experts recommend users to disable or uninstall extensions until the issue is resolved and then scan for and remove the malware.