A series of malicious add-ons in Chrome Web Store and modules in RubyGems

The Chrome Web Store and Microsoft Edge Add-ons catalogs were found to contain 28 add-ons with malicious code, totaling over three million installations. Most of the add-ons implement functionality for downloading images, videos and other content from popular social networks and services such as Facebook, VK, Odnoklassniki, Instagram, Vimeo and Spotify. In addition to their advertised features, the add-ons include malicious code that sends personal data to external servers and redirects users to phishing sites and advertising pages.

In particular, the add-ons report each navigation by the user to a new site to an external host. In response, the host can return a command to redirect the user to a different site instead of the one originally requested. The add-ons also intercept data such as email addresses, birth dates, IP addresses, and hardware and operating system configuration details, and send it to an external server.
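Reporting every navigation requires the add-on to see each page the user opens, which a downloader for a single service has no reason to request. The following added example (not from the article or from the add-ons themselves; the manifests, add-on names and the `collector.example` host are constructed) audits a manifest's host access and URL-revealing permissions against the sites the add-on claims to serve.

```javascript
// Added example: least-privilege audit of a browser extension manifest.
// Match patterns covering every site, and permissions that expose each visited URL.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const URL_APIS = ["tabs", "webNavigation"]; // reveal tab URLs without host access

function hostPatterns(m) {
  const perms = m.permissions || [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const fromPerms = perms.filter((p) => p === "<all_urls>" || p.includes("://"));
  const fromScripts = (m.content_scripts || []).flatMap((cs) => cs.matches || []);
  return [...new Set([...fromPerms, ...(m.host_permissions || []), ...fromScripts])];
}

// expectedDomains: the sites the add-on says it works on (supplied by the reviewer).
function auditManifest(m, expectedDomains) {
  const perms = m.permissions || [];
  const patterns = hostPatterns(m);
  const broad = patterns.filter((p) => BROAD.has(p));
  // Narrow patterns that still reach outside the sites the add-on claims to serve.
  const unexpected = patterns.filter((p) => !BROAD.has(p)).filter((p) => {
    const host = (p.split("://")[1] || "").split("/")[0].replace(/^\*\./, "");
    return !expectedDomains.some((d) => host === d || host.endsWith("." + d));
  });
  const urlApis = URL_APIS.filter((a) => perms.includes(a));
  // Broad host access or a URL-revealing API lets the add-on observe every navigation.
  const seesEveryNavigation = urlApis.length > 0 || broad.length > 0;
  return { name: m.name, broad, unexpected, urlApis, seesEveryNavigation,
           review: seesEveryNavigation || unexpected.length > 0 };
}

// Constructed manifests (hypothetical add-ons, not taken from the reported list).
const SCOPED = { name: "Example Photo Saver", manifest_version: 3,
  permissions: ["downloads"], host_permissions: ["https://*.instagram.com/*"] };
const OVERBROAD = { name: "Example Video Saver", manifest_version: 2,
  permissions: ["downloads", "tabs", "<all_urls>", "https://collector.example/*"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }] };

for (const m of [SCOPED, OVERBROAD]) {
  console.log(JSON.stringify(auditManifest(m, ["instagram.com"])));
}
```

A `review` flag only means the requested access exceeds the declared purpose; many legitimate extensions request `tabs` or broad host access, so flagged add-ons still need a look at their code and network traffic.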

The problematic add-ons were identified in November, but malicious activity in some of them has been traced back to December 2018, when the first user complaints appeared about other sites opening when links were clicked. It is not yet clear whether the malicious code was present from the start or was added in an update after a large user base had accumulated. It is also possible that the malicious code was added by a new owner after the original author sold the add-ons.

Problematic add-ons in the Chrome Web Store:
