Over three million people are believed to have downloaded 15 malicious Chrome extensions and 13 malicious Edge extensions onto their browsers. Code discovered in these extensions could redirect users to ads and phishing sites, gather personal data and browsing history, and download malware onto a user’s device.

Apparently, some of the extensions have been active since the end of 2018. If there is any good news, it’s that despite the potential for the loss of personal data, the extensions have chiefly been used to hijack user traffic and redirect it to other websites.

It’s not known whether the Chrome and Edge extensions were created with malicious code or whether the code was injected via updates once the extensions reached a certain level of popularity. Many of the extensions have become popular, with tens of thousands of downloads, often by posing as browser add-ons for downloading multimedia content from various social media platforms.

The malicious extensions for the Chrome browser are said to be:
  • Direct Message for Instagram
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook
  • Vimeo Video Downloader
  • Zoomer for Instagram and FaceBook
  • VK UnBlock.
  • Odnoklassniki UnBlock.
  • Upload photo to Instagram
  • Spotify Music Downloader
  • The New York Times News
The Edge browser extensions which are said to contain malicious code are:
  • Direct Message for Instagram
  • Instagram Download Video & Image
  • App Phone for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook
  • Vimeo™ Video Downloader
  • Volume Controller
  • Stories for Instagram
  • Upload photo to Instagram
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • Instagram App with Direct Message DM
If you have installed any of these extensions, it’s recommended that you delete them.

Browser extensions containing malicious code are a persistent problem, and a serious one when they steal personal data such as passwords, email addresses and even payment card details.

Cybercrime groups have certainly been active for some time with Chrome and Firefox browser extensions, developing malicious browser add-ons that pose as the real thing. It’s clear they have also turned their attention to the fledgling Microsoft Edge browser extensions store.

Last month Microsoft said it had removed 18 Edge browser extensions that harboured malicious code or tried to pass themselves off as official extensions. These extensions were loading ads onto websites that users visited, earning money for the hackers and slowing down web browsing for users.

Extensions that tried to pass themselves off as legitimate add-ons were:
  • NordVPN
  • Adguard VPN
  • TunnelBear VPN
  • Ublock Adblock Plus
  • Greasemonkey
  • Wayback Machine
Edge extensions that had been compromised with malicious code were:
  • The Great Suspender
  • Floating Player - Picture-in-Picture Mode
  • Go Back With Backspace
  • friGate CDN - smooth access to websites
  • Full Page Screenshot
  • One Click URL Shortener
  • Guru Cleaner – cache and history cleaner
  • Grammar and Spelling Checker
  • Enable Right Click
  • FNAF
  • Night Shift Redux
  • Old Layout for Facebook
If you downloaded any of the extensions listed above from the Edge add-on store before November 2020, it’s recommended that you remove them.