Millions of Chrome or Edge users have installed these 28 malicious extensions

News
By published

Harmful plug-ins redirect user traffic in exchange for cash

Malware Magnifying Glass
(Image credit: Andriano.cz / Shutterstock)

Security researchers have discovered 28 extensions for the Chrome and Edge web browsers that contain malicious code. It’s likely that the plug-ins could have infected more than three million people worldwide.

Cybersecurity firm Avast first discovered the extensions last month, with some believed to have been active since at least December 2018. Among the malicious activity that they carry out, some redirect user traffic to ads or phishing sites, some harvest personal or browsing data, and others download additional malware.

Of the 28 malicious extensions identified, 15 were available for the Chrome web browser, while 13 were Edge extensions. They covered a broad spectrum of services, from messaging platforms to music streaming, with many leveraging well-known brands like Spotify and the New York Times to convince users that the downloads are safe.

Malware for money

“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” Avast researcher Jan Rubin commented. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.”

Avast also added that it believes the primary goal of the plug-ins is financial, with cybercriminals receiving payment when the extension redirects a user to a third-party domain. Many of the extensions have proven extremely popular, boasting tens of thousands of installs, which could have resulted in some sizeable payments for the attackers.

Avast has passed on its list of malicious extensions to Google and Microsoft, with both companies currently carrying out their own investigations. In the meantime, any individual that has installed one of the plug-ins in question should remove it as soon as possible and run antivirus software on their device.

Via ZDNet

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Apple iPhone 16 Pro Max Hands on

I'm actually glad the new Siri with Apple Intelligence is delayed, and here's why we've got Apple's AI problem backwards
See more latest
Most Popular
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Samsung Magician 8.3.0
Samsung reveals a new version of its popular SSD software, and yes, you should absolutely download it if you own a Samsung SSD
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia's most expensive Blackwell card gets massive price cut but it is not the RTX 5090
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An AI face in profile against a digital background.
The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so