Prague-based Avast reported that almost 3 million people have been infected by browser extensions they downloaded for Google Chrome and Microsoft Edge browsers. The malware-infected apps can steal private data and redirect users to phishing or advertising sites.
Many of the extensions claim to be apps that are tools to download pictures, videos, and content from social media sites. The sites include Instagram, Facebook, Vimeo, and Spotify. Some of the malware-infected sites are still available for download from both Google and Microsoft.
Malware-infected apps spy on users
Avast detailed the threat of the browser extensions in its report claiming, “Users have also reported that these extensions are manipulating their internet experience and redirecting them to other websites. Anytime a user clicks on a link, the extensions send information about the click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit.”