Sign In

Communications of the ACM

ACM TechNews

Up to 3 Million Devices Infected by Malware-Laced Chrome and Edge Add-ons


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
 The researchers also discovered malicious code in JavaScript-based add-ons that lets them download malware onto an infected computer.

Mmalware-impregnated Google Chrome and Microsoft Edge browser extensions can steal personal data and reroute users to ad or phishing sites, researchers say.

Credit: Getty Images

Researchers at Czech security firm Avast on Wednesday warned that up to 3 million devices have been infiltrated by malware-impregnated Google Chrome and Microsoft Edge browser extensions that steal personal data, and reroute users to ad or phishing sites.

The Avast team identified 28 tainted Chrome and Edge extensions, advertised as tools for downloading content from sites like Facebook, Instagram, Vimeo, and Spotify; some extensions were still available for download from Google and Microsoft as of the time of Avast's posting.

The researchers also discovered malicious code in JavaScript-based add-ons that lets them download malware onto an infected computer.

It remains unknown if the extensions came with the malware preinstalled, or if the developers waited for them to gain a critical user mass before adding a malicious update.

Another possibility is that legitimate developers created the extensions, then unwittingly sold them to malefactors.

 

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found