- Avast's intelligence research team has stated that this malware can redirect a user's traffic to phishing sites and can gather people's personal information.
- Around 3 million people are affected worldwide; Avast threat intelligence experts recommend disabling or uninstalling the extensions for now.
The international privacy and digital security solutions firm Avast has discovered hidden malware in at least 28 third-party Microsoft Edge and Google Chrome extensions, which are linked to some of the world's most renowned platforms. Avast's intelligence research team has stated that this dangerous malware can easily redirect users' traffic to phishing sites and can gather people's personal email IDs, birth dates, and other secret data.
Whenever a user clicks on a link, the extensions send information about that click to the attacker's server. The user is then redirected to a hijacked URL before reaching the website they actually wanted to visit. People have complained that their internet experience is being manipulated by these extensions and that they are being redirected to other websites.
Users' privacy is compromised by this procedure, since a log of all clicks is sent to these third-party intermediary websites. The actors also exfiltrate and collect users' birth dates, email addresses, and device information, including first sign-in time, last login time, device name, operating system, browser and its version, and even IP addresses.
The intelligence research team further mentioned that the real intention behind this is to monetize the traffic, because for every redirection to a third party the cyber-goons would get a payment.
Jan Rubín, Malware Researcher at Avast, said, “Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards.”
The team started monitoring this threat in November, and at this moment the malicious extensions are still available for download. The digital security firm reported the issue to both Google and Microsoft, who are currently investigating it.