Skip to main content

Are you using any of these browser extensions? Uninstall them now

Extensions and add-ons are a great way to get more out of your browser, but they also offer a convenient route for cybercriminals to perform a variety of nefarious acts that could threaten the security of your PC and online activities.

Security firm Avast said this week that it has identified malicious software hidden in at least 28 third-party Google Chrome and Microsoft Edge extensions. Stats from the web stores suggest the extensions have received 3 million downloads globally.

Related Videos

The company said the malware could potentially redirect users to phishing sites, which could lead to an attempt to steal personal data.

The extensions work with popular online platforms such as Facebook, Instagram, Spotify, and Vimeo, and help users download videos and other content from the sites.

“The researchers have identified malicious code in the JavaScript-based extensions that allows the extensions to download further malware onto a user’s PC,” Avast said, adding that users have also reported that the add-ons are manipulating their online experience and redirecting them to other websites.

“The actors also exfiltrate and collect the user’s birth dates, email addresses, and device information, including first sign-in time, last login time, name of the device, operating system, used browser and its version, even IP addresses (which could be used to find the approximate geographical location history of the user),” the security firm noted.

But Avast said the main goal appears to be to monetize the traffic itself, with the perpetrators receiving a payment for every redirection to a third-party domain.

Avast malware researcher Jan Rubín said: “Our hypothesis is that either the extensions were deliberately created with the malware built-in, or the author waited for the extensions to become popular, and then pushed an update containing the malware. It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards.”

Avast’s discovery is an important reminder to always exercise caution when downloading an extension for your browser, and to make sure you have up-to-date antivirus software enabled. Now would also be a good time to review all of your browser extensions and to uninstall those that you rarely use.

Some of the infected extensions are still available for download, though Avast said it’s contacted Microsoft and Google and both companies are now investigating the issue. Browser creators are constantly on the lookout for dodgy extensions. Google, for example, eliminated 500 of them from its Chrome Web Store earlier this year.

Below are the affected extensions discovered by Avast. If you have any of these on your PC, you’re advised to uninstall them immediately and run a scan for malware.

Direct Message for Instagram
Direct Message for Instagram
DM for Instagram
Invisible mode for Instagram Direct Message
Downloader for Instagram
Instagram Download Video & Image
App Phone for Instagram
App Phone for Instagram
Stories for Instagram
Universal Video Downloader
Universal Video Downloader
Video Downloader for Facebook
Video Downloader for Facebook
Vimeo Video Downloader
Vimeo Video Downloader
Volume Controller
Zoomer for Instagram and Facebook
VK UnBlock. Works fast.
Odnoklassniki UnBlock. Works quickly.
Upload photo to Instagram
Spotify Music Downloader
Stories for Instagram
Upload photo to Instagram
Pretty Kitty, The Cat Pet
Video Downloader for YouTube
SoundCloud Music Downloader
The New York Times News
Instagram App with Direct Message DM

Editors' Recommendations

Firefox just got a great new way to protect your privacy
Canva in Firefox on a MacBook.

If you’re fed up with signing up for new accounts online and then being perpetually spammed in the days and weeks after, Mozilla has an idea that could help. The company has just announced its Firefox Relay feature is being directly integrated into its Firefox web browser, and it could help guarantee your privacy without any extra hassle.

Firefox Relay works by letting you create email “masks” when you sign up for new accounts. Instead of entering your real credentials into the sign-up field, Firefox Relay provides you with a throwaway address and phone number to use. Any messages from the website -- such as purchase receipts -- are then forwarded to your real email address, with all the sender’s tracking information stripped out to protect your privacy.

Read more
Microsoft’s Bing Chat waitlist is gone — how to sign up now
Microsoft Edge browser showing Bing Chat on an iPhone.

It appears Microsoft is doing away with the long Bing Chat waitlist. As originally reported by Windows Central, new users who sign up for the waitlist are immediately given access to the AI chatbot, without having to wait, and Digital Trends has confirmed this to be the case.

Microsoft hasn't officially killed the waitlist, but it should go away in short order. On Tuesday, Microsoft bolstered OpenAI's launch of the GPT-4 model by confirming that it was the model behind Bing Chat. Microsoft is also set to host an AI-focused event on Thursday, where we expect to hear about AI integrations in Microsoft's Office apps like Word and PowerPoint. It's possible Microsoft could remove the waitlist during the presentation.

Read more
The most common Chromebook problems and how to fix them
A person working on a Toshiba Chromebook.

Chromebooks are great alternatives to MacBooks and Windows 10 laptops, but they aren’t perfect. Any laptop computer is bound to have issues, and some of the most common problems faced by Chromebook users can feel difficult or even impossible to solve on their own. 

From issues with updates to internet connectivity, troubleshooting common Chromebook problems doesn’t have to ruin your day. Read on to discover easy fixes for the most frequent issues Chromebook users face. 
The Diagnostics app

Read more