Cybersecurity experts at Avast have found 28 malicious extensions (15 in Chrome and 13 in Edge), redirecting mostly Facebook and Instagram users to phishing websites and stealing their personal data.
After Google deleted more than 500 malicious extensions from the Chrome Web Store and another 100 from 15,160 domains, researchers at Avast discovered 15 additional chrome extensions used to steal users’ data via phishing websites.
Browser Extensions
According to the Avast researcher Jan Rubin, “either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular and then pushed an update containing the malware.”
Rubin added that in other cases, the malware creator might have sold the original extensions to someone else, and “his client introduced the malware afterward.”
Nevertheless, the strangest thing here is that most of the malicious extensions can be downloaded by the PC users themselves via Chrome. Despite knowing this, Google has only removed some of these extensions from its official web store.
Leave a Reply
Thank you for your response.
Please verify that you are not a robot.