31478 Industrial Road Suite 200, Livonia, Michigan 48150 sales@xfer.com

XFER Blog

XFER Blog

XFER has been serving the Livonia area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Watch Out for Malicious Browser Extensions

Watch Out for Malicious Browser Extensions

Browser extensions are nifty little programs that can be implemented into your web browser itself, adding onto its capabilities and utility… at least, that’s the concept. Unfortunately, these programs also give cybercriminals a means of secretly launching an attack. The security firm Avast recently identified 28 such third-party extensions that have been installed—according to the download numbers, at least—by about three million people on Google Chrome and Microsoft Edge combined.

How Do These Threats Work?

These attacks work similarly to how a phishing attack or a spoofed email would, as a user is promised one thing but winds up receiving something very different. While a malicious application may perform the task it claims to, it also may redirect the user to a phishing website or ad (making the cybercriminal some money) or simply steal some of the user’s information, like their birthday or email address.

In the case of these extensions, the code needed for several different malicious operations was present, including:

  • Redirecting traffic to advertisements (falsely generating revenue)
  • Redirecting traffic to phishing websites
  • Collecting personal data
  • Collecting browsing history
  • Downloading additional malware onto a user’s device

Avast’s researchers believe that only the first code was actively utilized, generating ill-gotten revenue for the creators of these extensions. Regardless, these extensions should be removed from any systems on your business’ network that they may be installed on.

The impacted extensions are as follows:

Chrome

  • App Phone for Instagram
  • Direct Message for Instagram
  • DM for Instagram
  • Downloader for Instagram
  • Invisible mode for Instagram Direct Message
  • Odnoklassniki UnBlock. Works quickly.
  • Spotify Music Downloader
  • Stories for Instagram
  • The New York Times News
  • Universal Video Downloader
  • Upload photo to Instagram™
  • Video Downloader for FaceBook™
  • Vimeo™ Video Downloader
  • VK UnBlock. Works fast.
  • Zoomer for Instagram and Facebook

Edge

  • DM for Instagram
  • Downloader for Instagram
  • Instagram App with Direct Message DM
  • Instagram Download Video & Image
  • Pretty Kitty, The Cat Pet
  • SoundCloud Music Downloader
  • Stories for Instagram
  • Universal Video Downloader
  • Upload photo to Instagram™
  • Video Downloader for FaceBook™
  • Video Downloader for YouTube
  • Vimeo™ Video Downloader
  • Volume Controller

Again, we encourage you to check your company’s network to ensure that these extensions are not installed in any of your users’ browsers, and that you encourage your employees to do the same.

Not sure how to go about doing so? XFER can help. As a managed service provider, our services include remotely monitoring your business’ technology and network for threats while keeping abreast of this kind of news so that we can proactively resolve any issues that may influence your operations. 

Find out more today by reaching out to us at 734-927-6666 / 800-GET-XFER.

Luck Isn’t a Cybersecurity Strategy
Even Santa’s Workshop Can Benefit from Managed Ser...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Wednesday, 25 December 2024

Captcha Image

Customer Login


Cybersecurity Risk Assessment

cybersecurity-audit

Our risk assessment will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Request Yours Today!

Contact Us

Learn more about what XFER can do for your business.

XFER Communications, Inc.
31478 Industrial Road Suite 200
Livonia, Michigan 48150