Cybersecurity firm Avast has identified malware hidden in as many as 28 third-party Google Chrome and Microsoft Edge extensions that could have impacted over 30 lakh people globally. The extensions are for platforms like Instagram, Facebook and Google Chrome. The malware, which is still active, can redirect users' traffic to ads or phishing sites and steal personal data. The Microsoft and Google Chrome teams are reportedly looking into the issue.
Microsoft said that major internet browsers (Chrome, Firefox, Microsoft Edge, Yandex) were hit by a massive malware campaign called Adrozek, which is designed to inject ads into search engine results pages. The campaign has been active since at least May 2020 and reached August. The threat was observed on over 30,000 devices every day. Adrozek adds browser extensions, modifies a specific DLL, and changes browser settings. Mozilla Firefox was the worst affected.
CERT-In has warned Google Chrome users of potential cybercrimes. The agency has asked users to immediately update their Chrome browsers to version 84.0.4147.89, which comes with 38 fixes and improvements for exploitable vulnerabilities. Reportedly, these vulnerabilities can enable remote attackers to execute malicious code, access sensitive information, launch a DDoS attack, etc. Google recently removed 70 malicious Chrome extensions that spied on users' activities.
Chrome was alleged to collect user data through malicious extensions. The firm recently removed 106 such extensions. These malicious extensions often disguised themselves as file converters, security scanners, etc., and carried code to bypass Chrome's security scans. CERT-In advised users to uninstall extensions whose IDs are listed in the IOCs section, to avoid installing extensions from unverified sources, and to switch to the browser's developer mode to pick out malicious extensions.
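The ID comparison CERT-In recommends can be scripted instead of being done by eye in developer mode. The following is an added example, not code from CERT-In, Google or Avast: it assumes the usual on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json`, the function names are hypothetical, and every extension ID in it is a constructed placeholder to be replaced with the IDs from the advisory's IOCs section.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 letters from a-p

def normalize_iocs(raw_ids):
    """Strip and lower-case IOC entries, dropping anything that is not an ID."""
    cleaned = (i.strip().lower() for i in raw_ids)
    return {i for i in cleaned if EXT_ID.fullmatch(i)}

def installed_extensions(extensions_dir):
    """Yield (id, version, name) from <profile>/Extensions/<id>/<version>/."""
    for id_dir in sorted(Path(extensions_dir).iterdir()):
        if not (id_dir.is_dir() and EXT_ID.fullmatch(id_dir.name)):
            continue
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            name = "<unreadable manifest>"
            try:
                text = (ver_dir / "manifest.json").read_text(encoding="utf-8-sig")
                name = json.loads(text).get("name", "<no name>")
            except (OSError, ValueError, AttributeError):
                pass  # a broken manifest must not hide a flagged ID
            yield id_dir.name, ver_dir.name, name

def find_flagged(extensions_dir, ioc_ids):
    iocs = normalize_iocs(ioc_ids)
    return [ext for ext in installed_extensions(extensions_dir) if ext[0] in iocs]

def build_sample_profile(root):
    """Create a constructed Extensions directory for the demonstration."""
    samples = {
        "abcdefghijklmnopabcdefghijklmnop": ("1.0.0_0", '{"name": "Free File Converter"}'),
        "ponmlkjihgfedcbaponmlkjihgfedcba": ("2.3_0", '{"name": "Notes"}'),
        "aaaabbbbccccddddeeeeffffgggghhhh": ("0.1_0", "{not json"),
    }
    for ext_id, (version, manifest) in samples.items():
        ver_dir = Path(root) / ext_id / version
        ver_dir.mkdir(parents=True)
        (ver_dir / "manifest.json").write_text(manifest, encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    # Constructed placeholder IDs; replace with the IDs from the advisory.
    iocs = ["ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP ", "aaaabbbbccccddddeeeeffffgggghhhh", "not-an-id"]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, version, name in find_flagged(build_sample_profile(tmp), iocs):
            print(f"FLAGGED {ext_id} v{version} ({name})")
```

Match on the ID rather than the displayed name: names are chosen by the extension author, and a manifest name of the form `__MSG_...__` is only a localization placeholder.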