While extensions are meant to expand the capabilities of a browser, installing browser add-ons that are infected with malware can compromise the security of the computer as well as the victim. Corrupted extensions masquerade as legitimate software programs.

In a major malware-based attack, 3 million users were recently hit with 28 malicious Google Chrome and Microsoft Edge extensions. They posed as video downloader applications for platforms like Facebook, Vimeo, Instagram, VK, etc. It was detected that the malicious code was injected into these Javascript-based extensions to download further malware into the victim’s computer.

Malware capabilities:

• Produce log files for each time the victim clicks on a URL.
• Redirect the users to advertisements and phishing websites
• Steal personal data (birthday, email address, first sign-in time, last login time, device information, device name, operating system, browser details, IP address)
• Prevent detection even by skilled users in web development

Impacts

Technical Impact:

• Steal personal/ sensitive information
• Download further malware
• Control and monetize from browser traffic

Business Impact:

• Data leaks can have an adverse impact on the victims privacy.

List of infected extensions

Mitigations

• Use real-time web page monitoring tools
• Use web-proxy filtering to block access of unwanted websites