Popular browser extensions used for social media sites have been discovered to contain malware that redirected users and stole their private data. — AP Cybersecurity firm Avast found malware hidden in dozens of browser extensions used for popular social media sites that redirected users and stole their data. In a press release, the company stated that the 28 third party Google Chrome and Microsoft Edge extensions may have affected around three million people, based on the app stores’ download count. These identified extensions were supposed to enable users to download videos and music, or do direct messaging for sites like Facebook, Vimeo, Instagram and Spotify. The malware worked by redirecting users to adverts or phishing sites. While on these sites, anything the user types will be logged and sent to the hacker, potentially netting them personal data like birthdates, email addresses and device information. Device info included details like first sign in time, last login time, name of the device, operating system, browser used and even IP address; which could be used to find the user’s approximate geographical location. The extensions also contain malicious code that enable them to download further malware onto a user’s PC. Avast researchers believed the hack’s objective was to monetise the traffic itself, with every redirection to a third party domain resulting in a payout to the cybercriminal. Its malware researcher Jan Rubín theorised that either the extensions were deliberately created with the malware built in or the author waited for the extensions to become popular, then pushed an update containing the malware. “It could also be that the author sold the original extensions to someone else after creating them, and then the buyer introduced the malware afterwards,” he said. Rubín warned that the extensions’ backdoors were well-hidden and it only started to exhibit malicious behaviour days after installation, making it hard for security software to discover. Avast contacted the Microsoft and Google Chrome teams to report the issue, and received confirmation that it was being looked into. As the infected browser extensions are still available for download, the cybersecurity firm recommended that users avoid downloading new extensions and either disable or uninstall existing ones until the issue was resolved, adding that users should also scan for malware on their computers.
ios developer account
buyappleacc.com selling ios developer account for lowest price and best quality, choose us, you will never regret. take one little step with us, you can enjoy the best services.