Chrome Unboxed - The Latest Chrome OS News

Millions of users have had their data stolen by these 15 Chrome extensions – remove them right now!


December 17, 2020 By Michael Perrigo

Malicious extensions in the news again? No way! Well, yes, unfortunately, but you’re probably not at all surprised and you’re certainly not at all happy about it. In February, Google removed over 500 malicious extensions from the Chrome Web Store which were injecting ads into millions of Chrome browsing sessions. Back in June, Awake Security reported another 100 from 15,160 domains. Now, according to Avast after first being found by CZ.NIC, there exist 15 more that users should uninstall this very moment!

Based on their recent findings, a total of 28 extensions (15 in Chrome and 13 in Edge) that are mostly geared toward Facebook and Instagram use cases are instead redirecting user traffic to ads and phishing sites and collecting their personal data such as their birth dates, email addresses, and active devices. Not only that, but they’re also collecting browsing data and they have the ability to directly download malware onto a user’s device (but Chromebooks can’t get malware)!

Avast researchers said they believe the extension developers ran the campaign to hijack user traffic for monetary gain, stating that “For every redirection to a third-party domain, the cybercriminals would receive a payment.”

“Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular and then pushed an update containing the malware,” Avast researcher Jan Rubin says. “It could also be that the author sold the original extensions to someone else after creating them and then his client introduced the malware afterwards.”

Avast Blog

Apparently, Avast’s Threat Intelligence team started monitoring this threat back in November, but they believe it could have been active for years as reflected in some of the extensions’ reviews. The craziest part is that most of these extensions can still be downloaded and since Avast made Google aware of the issue, only a few of them have been removed from the Web Store, though it’s said that they are currently investigating each.

This is not okay. Extensions have long been the weak link in the Chrome browser’s armor – its only real security vulnerability. To be fair, it’s difficult, even near impossible, to control the experience where there is so much input and influence from third parties, and the Chrome Web Store basically feels like the wild west. Google is doing a ton of work to change that though, including the creation of a “seal of approval” of sorts for extensions that help mitigate privacy issues, which will be rolling out early this next year, and even by giving you direct control over what data an extension has access to and on which websites.

There is no doubt that these issues may persist long after the new year, and there is certainly much work to be done, so we’ll have to see what other creative solutions Google can come up with to wrangle extensions into submission. I would vote that we simply get rid of them entirely to solve the problem, but many extensions like Honey, Toby, Stadia Enhanced, Cog, uBlock Origin and more do some real good for Chrome users and deserve to exist. This means that instead, Google will need to take a more cautious approach to the situation and separate the sheep from the goats, so to speak, and that will take time.

Let me state here and now that if you have any of the following extensions installed on your computer, remove them right this instant! Do not under any circumstance install the extensions below – we are linking them only so that you can verify their identity in full. You can view your extensions by typing chrome://extensions into your URL bar or Omnibox above.

  • Direct Message for Instagram
  • DM for Instagram
  • Invisible mode for Instagram Direct Message
  • Downloader for Instagram
  • App Phone for Instagram
  • Stories for Instagram
  • Universal Video Downloader
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • Zoomer for Instagram and FaceBook
  • VK UnBlock. Works fast.
  • Odnoklassniki UnBlock. Works quickly.
  • Upload photo to Instagram™
  • Spotify Music Downloader
  • The New York Times News