Security Market Segment LS
Thursday, 17 December 2020 14:58

Avast warns of malware in browser extensions


Security vendor Avast has identified malware hidden in at least 25 third-party Google Chrome and Microsoft Edge extensions. These extensions are associated with big-name sites including Instagram and Facebook.

The malware hidden in the extensions can redirect users to ads or phishing sites, as well as stealing personal data such as birth dates and email addresses.

Avast estimates that three million people may be affected by this issue.

According to the company, the extensions are:
Direct Message for Instagram
DM for Instagram
Invisible mode for Instagram Direct Message
Downloader for Instagram
Instagram Download Video & Image
App Phone for Instagram
Stories for Instagram
Universal Video Downloader
Video Downloader for FaceBook™
Vimeo™ Video Downloader
Volume Controller
VK UnBlock. Works fast.
Odnoklassniki UnBlock. Works quickly.
Upload photo to Instagram™
Stories for Instagram
Pretty Kitty, The Cat Pet
Video Downloader for YouTube
SoundCloud Music Downloader
Instagram App with Direct Message DM

(There are fewer than 25 extensions in this list as some are available for both Chrome and Edge.)

Some of the extensions that simplify downloading videos have the ability to download further malware onto a user's PC.

Other malicious capabilities include phoning home every time the user clicks on a link (and optionally redirecting them to a different URL before going to the intended page), and collecting the user's birth date, email address, and device information including first sign in time, last login time, name of the device, operating system, used browser and its version, and IP addresses.

IP addresses can be used with varying success to determine the user's approximate geographical location.

Avast researchers believe the motivation was financial, as some sites pay for traffic.

"Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards," said Avast malware researcher Jan Rubín

"The extensions' backdoors are well-hidden and the extensions only start to exhibit malicious behaviour days after installation, which made it hard for any security software to discover."

Avast suspects the malware may have been around for two years or more.

The malware is quite stealthy. According to Avast malware researcher Jan Vojtěšek "the virus detects if the user is googling one of its domains or, for instance, if the user is a web developer and, if so, won't perform any malicious activities on their browsers. It avoids infecting people more skilled in web development, since they could more easily find out what the extensions are doing in the background."

At least some of the infected extensions were still available for download at the time of writing, even though Avast had reported them to Microsoft and Google.

Avast's recommendation is that "users disable or uninstall the extensions for now until the problem is resolved and then scan for and remove the malware."

Image: Nick Youngson CC BY-SA 3.0 via Alpha Stock Images


Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News