Millions Of Chrome & Edge Users Affected By 28 Malicious Extensions

Privacy Cyber Security AH Nov AH 2019

Security researchers from Avast have narrowed down 28 malicious extensions that could have affected around 3 million Google Chrome and Microsoft Edge users across the globe.

Notably, as per a report by Avast, exactly 15 extensions on Google Chrome and 13 extensions on Microsoft Edge have been infected with malicious codes.

These 28 malicious extensions on both Chrome and Edge could cause several malicious operations. They could steal your personal data including birth dates, email addresses, and active devices, redirect users to ads, redirect user traffic to phishing sites, and much more.


In fact, these 28 Chrome and Edge extensions are so infected with malicious codes that they can also collect your browsing history. Moreover, these can also install malware onto a user’s device.

And looking at the popularity of these plugins, it could have infected more than 3 million users across the globe. Avast discovered these extensions last month.

Besides, these extensions have been active since December 2018. Furthermore, these extensions covered a broad range of services. That includes messaging platforms to music streaming.


These infected extensions also leverage the names of some well-known brands like Spotify, Instagram, and the New York Times. And this is done to convince users that the plugins are safe.

The primary objective of these extensions was to hijack user traffic for monetary gains

Avast researchers believe that the prime objective of this entire campaign is to hijack and use user traffic for monetary gains. Meaning that for every user redirected to third-party domains, the cybercriminals would receive a share.

One thing that is not clear is if these extensions had been created with malicious code from the beginning. Or if an update added the code after the extensions passed a level of popularity.


The second scenario looks apt as these extensions have crossed tens of thousands of installs. It achieved this by posing as extensions to help users download media from platforms like Facebook, Instagram, Vimeo, or Spotify.

Good thing is that Avast has already informed both Google and Microsoft about these infections. Apparently, both the companies are looking into this matter.

While on one hand, Microsoft is investigating this issue, Google has not commented on the status of the investigation into Avast’s report of malicious extensions.


A matter of concern is that a day after Avast reported these extensions, only three of 15 Chrome extensions were removed. Worse is that all the Edge extensions are still available to download.

Below is the list of all the infected extensions that you should remove, irrespective of waiting for Google or Microsoft to take action:

  • Chrome Extensions
    • Direct Message for Instagram
    • DM for Instagram
    • Invisible mode for Instagram Direct Message
    • Downloader for Instagram
    • App Phone for Instagram
    • Stories for Instagram
    • Universal Video Downloader
    • Video Downloader for Facebook™
    • Vimeo™ Video Downloader
    • Zoomer for Instagram and Facebook
    • VK UnBlock. Works fast.
    • Odnoklassniki UnBlock. Works quickly.
    • Upload photo to Instagram™
    • Spotify Music Downloader
    • The New York Times News
  • Edge Extensions
    • Direct Message for Instagram™
    • Instagram Download Video & Image
    • App Phone for Instagram
    • Universal Video Downloader
    • Video Downloader for FaceBook™
    • Vimeo™ Video Downloader
    • Volume Controller
    • Stories for Instagram
    • Upload photo to Instagram™
    • Pretty Kitty, The Cat Pet
    • Video Downloader for YouTube
    • SoundCloud Music Downloader
    • Instagram App with Direct Message DM