A Brief Guide to Help You Avoid Malicious Browser Extensions

There are dozens of Internet browsers on the market. They are typically all free and when they come stock, are pretty much all the same. Most of the most popular ones come with an app store where users can download useful apps to make their experience better. Unfortunately, there are times that malicious code gets in there. Security firm Avast recently found 28 third-party extensions that are extraordinarily popular that had malicious code found in them.

How Do Browser Extension Threats Work?

These attacks work in much the same fashion as a phishing attack or spoof would. The user is promised something but winds up infected. The software that is downloaded might perform the task as advertised, but it may also redirect users to a malicious ad or website, or simply siphon data from the browser.

In the extensions found to have malignant code, Avast found code that was:

• Redirecting traffic to advertisements (falsely generating revenue)
• Redirecting traffic to phishing websites
• Collecting personal data
• Collecting browsing history
• Downloading additional malware onto a user’s device

The company’s researchers believe that the first code was the one actively used. It generated fraudulent revenue for the creators of these extensions. If they haven’t been removed already, they should be removed immediately by your IT admin to avoid data theft.

Here is a complete list:

Chrome

• App Phone for Instagram
• Direct Message for Instagram
• DM for Instagram
• Downloader for Instagram
• Invisible mode for Instagram Direct Message
• Odnoklassniki UnBlock. Works quickly.
• Spotify Music Downloader
• Stories for Instagram
• The New York Times News
• Universal Video Downloader
• Upload photo to Instagram™
• Video Downloader for FaceBook™
• Vimeo™ Video Downloader
• VK UnBlock. Works fast.
• Zoomer for Instagram and FaceBook

Edge

• DM for Instagram
• Downloader for Instagram
• Instagram App with Direct Message DM
• Instagram Download Video & Image
• Pretty Kitty, The Cat Pet
• SoundCloud Music Downloader
• Stories for Instagram
• Universal Video Downloader
• Upload photo to Instagram™
• Video Downloader for FaceBook™
• Video Downloader for YouTube
• Vimeo™ Video Downloader
• Volume Controller

Check your company’s network to see if any of these are being actively utilized and block them immediately.

If you need help to keep control over your IT, call the IT professionals at BNMC today at (978) 482-2020. Our experts can help you maintain and manage your software to ensure that you won’t have to deal with malicious software in the future.