Researchers at Czech security firm Avast on Wednesday warned that up to 3 million devices have been infiltrated by malware-impregnated Google Chrome and Microsoft Edge browser extensions that steal personal data, and reroute users to ad or phishing sites.
The Avast team identified 28 tainted Chrome and Edge extensions, advertised as tools for downloading content from sites like Facebook, Instagram, Vimeo, and Spotify; some extensions were still available for download from Google and Microsoft as of the time of Avast's posting.
It remains unknown if the extensions came with the malware preinstalled, or if the developers waited for them to gain a critical user mass before adding a malicious update.
Another possibility is that legitimate developers created the extensions, then unwittingly sold them to malefactors.
From Ars Technica
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA