They also believe that even though the Avast Threat Intelligence team had started monitoring the threat in November 2020, the malware in Google Chrome and Microsoft Edge browser extensions could have been active for years without anyone noticing. For every redirection to a third-party domain, the cybercriminals would receive a payment. “The actors also exfiltrate and collect the user's birth dates, email addresses, and device information, including first sign in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location of the user),” the researchers added.Īvast researchers believe that the objective behind this is to monetise the traffic. The malware in both Google Chrome and Microsoft Edge browser extensions stole people's personal data such as birth dates, email addresses, and active devices, the researchers claim.
#AVAST EXTENSION DOWNLOAD#
These allowed the extensions to download further malware onto users' systems.
![avast extension avast extension](https://i.redd.it/qmrg4f5x1a531.png)
#AVAST EXTENSION CODE#
In a blog post, researchers from Avast said that they identified malicious code in the JavaScript-based extensions in both Google Chrome and Microsoft Edge browsers. The malware in the extensions reportedly redirected users to ads or phishing sites and stole their personal data. These add-ons were billed to facilitate downloading pictures, videos, or other content from platforms such as Facebook, Instagram, Vimeo, and Spotify. Its researchers say that they were able to identify at least 28 extensions available on Chrome and Edge browsers that contained malware. Google Chrome and Microsoft Edge extensions containing malware have been downloaded by around 3 million users, security research firm Avast claims.