Malware-Laced Chrome, Edge Browser Extensions

CloudSEK threat intelligence advisory on malware-laced Google Chrome, Microsoft Edge extensions, pose as video downloader applications.

Updated on

April 19, 2023

Published on

December 21, 2020

Read MINUTES

Subscribe to the latest industry news, threats and resources.

Table of Contents

This is also a heading
This is a heading

Advisory	Malware Intelligence
Malware Type	Trojan
Threat level	Medium
Target	Browser Extensions

While extensions are meant to expand the capabilities of a browser, installing browser add-ons that are infected with malware can compromise the security of the computer as well as the victim. Corrupted extensions masquerade as legitimate software programs. In a major malware-based attack, 3 million users were recently hit with 28 malicious Google Chrome and Microsoft Edge extensions. They posed as video downloader applications for platforms like Facebook, Vimeo, Instagram, VK, etc. It was detected that the malicious code was injected into these Javascript-based extensions to download further malware into the victim’s computer.

Malware capabilities:

Produce log files for each time the victim clicks on a URL.
Redirect the users to advertisements and phishing websites
Steal personal data (birthday, email address, first sign-in time, last login time, device information, device name, operating system, browser details, IP address)
Prevent detection even by skilled users in web development

Impacts

Technical Impact:

Steal personal/ sensitive information
Download further malware
Control and monetize from browser traffic

Business Impact:

Data leaks can have an adverse impact on the victims privacy.

List of infected extensions

Direct Message for Instagram	Direct Message for Instagram
DM for Instagram	Invisible mode for Instagram Direct Message
Downloader for Instagram	Instagram Download Video & Image
App Phone for Instagram	App Phone for Instagram
Stories for Instagram	Universal Video Downloader
Video Downloader for FaceBook	Vimeo Video Downloader
Volume Controller	Zoomer for Instagram and FaceBook
VK UnBlock. Works fast.	Odnoklassniki UnBlock. Works quickly.
Upload photo to Instagram	Spotify Music Downloader
Stories for Instagram	Upload photo to Instagram
Pretty Kitty, The Cat Pet	Video Downloader for YouTube
SoundCloud Music Downloader	The New York Times News
Instagram App with Direct Message DM

Mitigations

Use real-time web page monitoring tools
Use web-proxy filtering to block access of unwanted websites

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

Table of Contents

This is also a heading
This is a heading

Recent Articles

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action

November 15, 2023

CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks

November 6, 2023

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.

Schedule a Demo

Real time Threat Intelligence Data

More information and context about Underground Chatter

On-Demand Research Services

Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.

Trusted by 400+ Top organisations

Get started

Learn more

Advisory

Malware Type

Threat level

Target

Protect and proceed with Actionable Intelligence