Many Malicious Chrome and Edge Extensions Downloaded

Malicious Extensions Featured

It’s great to find browser extensions that can ease your load a little and make things just a bit easier. But there are 28 malicious extensions for Chrome and Edge that are doing the opposite. The worst part is that millions of people have already downloaded at least one of these extensions.

Malicious Chrome and Edge Extensions

Security firm Avast announced that 15 Chrome extensions and 13 Edge extensions containing malicious code have already been downloaded and installed by more than 3 million people.

The code found within these extensions has the ability to perform several malicious operations, one of which is downloading more malware onto the user’s devices. Other operations include redirecting users to ads or phishing sites, collecting personal data, and collecting user browser history.

While it sounds like the extensions are meant to carry out some very harmful actions, the Avast researchers believe that only a few of those actions are the main goal of these extensions. They believe the goal is to make money by hijacking user traffic.

Malicious Extensions Malware

“For every redirection to a third-party domain, the cybercriminals would receive a payment,” said Avast.

These malicious Chrome and Edge extensions were found in November. It was also found that some of the extensions have been active for two years, going back as far as December 2018. Users first started reporting issues of being redirected at that time.

An Avast malware researcher, Jan Rubin, said they couldn’t identify whether the extensions had been created specifically with the malicious code or whether the code was added via an update after the extensions earned popularity.

Most of the extensions appear to help download multimedia from an assortment of social media sites, including Facebook, Instagram, Vimeo, and Spotify.

Aftereffects of the Avast Report

Avast reported that while they informed both Google and Microsoft of the malicious Chrome and Edge extensions, one day later, only three of the 15 Chrome extensions had been removed, and none of the extensions for Edge had been.

Because of this, Avast encourages users of these extensions to uninstall and remove them.

The malicious Chrome extensions include:

  • Direct Message for Instagram
  • DM for Instagram
  • Invisible Mode for Instagram Direct Message
  • Downloader for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook
  • Vimeo Video Downloader
  • Zoomer for Instagram and FaceBook
  • VK UnBlock. Works fast.
  • Odnoklassniki Unblock. Works quickly.
  • Upload photo to Instagram
  • Spotify Music Downloader
  • The New York Times News
Malicious Extensions Hacker

The malicious Edge extensions include:

  • Direct Message for Instagram
  • Instagram Download Video & Image
  • App Hone for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook
  • Vimeo Video Downloader
  • Volume Controller
  • Stories for Instagram
  • Upload Photo to Instagram
  • Pretty Kitty, The Cat Pet
  • Video Downloader for YouTube
  • SoundCloud Music Downloader
  • Instagram App with Direct Message DM

You can see in those lists how dangerous the extensions are. Because they have popular social media attached, such as Facebook, YouTube, and Instagram, they could lead users to believe they are authentic.

We have many lists of Chrome extensions if you’re interested, including Chrome extensions that automate boring browsing tasks and Chrome extensions to speed up your browsing.

Laura Tucker
Laura Tucker

Laura has spent nearly 20 years writing news, reviews, and op-eds, with more than 10 of those years as an editor as well. She has exclusively used Apple products for the past three decades. In addition to writing and editing at MTE, she also runs the site's sponsored review program.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox