• Warning! Malicious Browser Extensions

    #2320313

    The browsers in question are Google Chrome and MS Edge, as reported by Sergiu Gatlan over on Bleeping Computer.
    Discovered by an Avast malware researcher, Jan Rubín explains:

    “The extensions’ backdoors are well-hidden and the extensions only start to exhibit malicious behavior days after installation, which made it hard for any security software to discover,”

    The extensions in question are listed below:

    • Direct Message for Instagram
    • Direct Message for Instagram™
    • DM for Instagram
    • Invisible mode for Instagram Direct Message
    • Downloader for Instagram (1,000,000+ users)
    • Instagram Download Video & Image
    • App Phone for Instagram
    • App Phone for Instagram
    • Stories for Instagram
    • Universal Video Downloader
    • Universal Video Downloader
    • Video Downloader for FaceBook™
    • Video Downloader for FaceBook™
    • Vimeo™ Video Downloader (500,000+ users)
    • Vimeo™ Video Downloader
    • Volume Controller
    • Zoomer for Instagram and FaceBook
    • VK UnBlock. Works fast.
    • Odnoklassniki UnBlock. Works quickly.
    • Upload photo to Instagram™
    • Spotify Music Downloader
    • Stories for Instagram
    • Upload photo to Instagram™
    • Pretty Kitty, The Cat Pet
    • Video Downloader for YouTube
    • SoundCloud Music Downloader
    • The New York Times News
    • Instagram App with Direct Message DM

    Course of action:
    1. Either disable or uninstall if you have any of them on your system
    (the latter being the safer IMO).
    2. Then run a full up-to-date AV/malware scan.

    More info in above link

    If debian is good enough for NASA...
    6 users thanked author for this post.
    • #2320430

      I just checked by clicking on the “Extensions” icon in Chrome and only found four, all familiar to me, because I have installed them myself, and none of those in the list. Is there some other way where I could find if there are any more in some so far unexplored nook, or cranny of Chrome?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2320434

        @OscarCP, If your chosen/installed extensions don’t match up to any on the above list in the original thread post, there’s nothing to worry about.

        If debian is good enough for NASA...
        2 users thanked author for this post.
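For the question above about checking beyond the Extensions menu, here is an added example (not part of the thread or of Avast's report) that reads every profile's installed-extension manifests from disk and compares their names with the list in the first post. It assumes the Chromium layout `<user data dir>/<profile>/Extensions/<id>/<version>/manifest.json`; the function names are this example's own, and matching is by name because the post gives no extension IDs.

```python
import json, re, sys
from pathlib import Path

# Names from the list in the first post (trademark signs dropped, duplicates merged).
FLAGGED = """Direct Message for Instagram; DM for Instagram; Stories for Instagram;
Invisible mode for Instagram Direct Message; Downloader for Instagram;
Instagram Download Video & Image; App Phone for Instagram; Volume Controller;
Universal Video Downloader; Video Downloader for FaceBook; Vimeo Video Downloader;
Zoomer for Instagram and FaceBook; VK UnBlock. Works fast.;
Odnoklassniki UnBlock. Works quickly.; Upload photo to Instagram;
Spotify Music Downloader; Pretty Kitty, The Cat Pet; Video Downloader for YouTube;
SoundCloud Music Downloader; The New York Times News;
Instagram App with Direct Message DM"""

def norm(name):
    """Casefold, drop the trademark sign, collapse whitespace."""
    return " ".join(name.replace("\u2122", "").casefold().split())

FLAGGED_SET = {norm(n) for n in FLAGGED.split(";")}

def display_name(manifest_path):
    """Extension name, resolving a __MSG_key__ placeholder via _locales."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    msgs = json.loads((manifest_path.parent / "_locales" / locale / "messages.json")
                      .read_text(encoding="utf-8-sig"))
    for key, entry in msgs.items():  # message keys are matched case-insensitively
        if key.casefold() == m.group(1).casefold():
            return entry.get("message", name)
    return name

def scan(user_data_dir):
    """Return (profile, extension id, name) for each flagged name in any profile."""
    hits = []
    for mf in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        try:
            name = display_name(mf)
        except (OSError, ValueError, TypeError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not abort the scan
        if norm(name) in FLAGGED_SET:
            hits.append((mf.parts[-5], mf.parts[-3], name))
    return hits

if __name__ == "__main__" and len(sys.argv) > 1:
    for profile, ext_id, name in scan(sys.argv[1]):
        print(f"{profile}: {name} ({ext_id})")
```

Pass the browser's user-data directory, which is the parent of the "Profile Path" shown on `chrome://version` or `edge://version`. A name match is a lead rather than proof, since unrelated extensions can share a generic name such as "Volume Controller".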
    • #2320438

      I wonder if Firefox will be affected?

      • This reply was modified 4 years, 2 months ago by Geo.
      • #2322537

        I am a Firefox ESR user and I only use Mozilla Firefox Recommended Extensions.

        Open the Firefox Menu, Add-ons; there is a trophy icon for the Firefox Recommended Extensions.

         

    • #2320577

      So Downloader for Instagram extension could be the reason I was logged out of Instagram and stopped me from logging back in a few days ago. I had to change the password to access it. I thought how strange. I’ve just uninstalled the extension.

    • #2320690

      The bad news is that something the average user trusts (it contains the “Instagram” or “Vimeo” registered trademark, for example) has backdoors.
      There should be some validation process before enabling an extension to be available.

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

      • #2320728

        There should be some validation process before enabling an extension to be available.

        It’s not really feasible to do that. There are too many extensions and not enough resources to review every one of them (every update would have to be evaluated). Firefox has tried to do that by requiring them to be signed, and there are some that are considered “trusted” and are listed as recommended, but it doesn’t mean the ones that are not recommended are bad.

        The flip side of requiring addons to be validated is that you’d be denying browser users the ability to make their own choices about addons, and only letting them choose from the relatively few that are “officially” recommended. There was a lot of anger and annoyance when Mozilla first introduced the addon signing thing, which (in typical Mozilla form) started as optional, and was then made mandatory. At some level, you’re taking a leap of faith any time you run any code you didn’t personally write (from the system firmware to the microcode in the CPU to the OS and the applications).

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
        Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

        2 users thanked author for this post.
    • #2320762

      It’s not really feasible to do that

      Yes, it is. Apple does that for the ‘billion’ apps in app store.

    • #2321077

      Browser extensions are usually useful, sometimes fun — and occasionally dangerous.

      That’s the case for at least 28 browser extensions analyzed by Avast Threat Intelligence researchers

      more info from avast

    • #2321493

      Firefox YES,
      Everything else NO.
      Many hundreds of customers over the years, by far most of them “computer illiterate” (in their own words). Every single one of them gets installed Firefox with
      “uBlock origin”, “WOT – Web Of Trust” and “Facebook Disconnect”.

      AND: If a web site does not work well with/in Firefox I tell my customers to NOT USE THIS WEB SITE instead of using Chrome or any of the other browsers.
      Works 99.99% of the time.

      I don’t recall anymore when and how I learned that Google can’t keep their extensions store clean – plus I don’t want to feed the by now probably biggest information gathering machine.

      • This reply was modified 4 years, 2 months ago by WSeikelein. Reason: Typo
      • #2321914

        plus I don’t want to feed the by now probably biggest information gathering machine.

        Well then abandon Windows. Firefox has fairly strong support on Linux distros, it should be the main playground for FF. And by the way I really like Vivaldi browser. Check its website here
        There are some bugs, but it’s improving every day. If I submit a discovered bug to its forum, developers are listening to what I say. It’s a very pleasant experience.

        Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

    • #2321565

      Google Chrome, MS Edge…  what are those?

      Give me a robust FF (heart of the Rebel Alliance) with a Brave back (when the snapping alligators teeming in the moat I have built around FF simply refuse to let something run…  good on FF and those crocks!)

    • #2321919

      Thank you,  I have checked and found none of these but thanks for the heads up

      Joe M.

    • #2322593

      Well then abandon Windows

      doriel,
      I wish I could. I love my Linux Lite system. That was the distro I settled on when I was looking for something easy to transition to coming from Windows. Remember what my customers said about themselves?

      But the vast majority of my customers “naturally” run Windows, so I must have it and “know” it. How else could I help them?

      And despite my advanced years the additional income is highly appreciated by my wife and me.

      1 user thanked author for this post.
      • #2325254

        I understand.

        But the vast majority of my customers “naturally” run Windows, so I must have it and “know” it. How else could I help them?

        I’m caught in that situation too.

        Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+
