Avast stated that more than three million internet users are estimated to have installed 15 Chrome and 13 Edge extensions that contain malware

Continue reading
Extensions are responsible for redirect users to advertisements, scam sites, collecting users’ details or download malicious software on infected systems.
Researches made from the security firm, Avast stated that more than three million internet users are estimated to have installed 15 Chrome and 13 Edge extensions that contain malware. The 28 extensions contained code that could perform malicious operations like:
But in spite of the presence of code to power all the above malicious features, Avast researchers stated that they believe that the main aim of this campaign was to hijack user traffic for financial gains.
Avast said it discovered the extensions last month and found traces that some had been active since December 2018 when some users started complaining that the extensions were redirecting them to other sites. Avast then reported the issues both to Google and Microsoft who are presently investigating on the matter.
But in this context it needed to be pointed out that many extensions got popularity with tens of thousands of installs.
Below is the list of Chrome extensions that Avast said contained malicious code:
Below is the list of Edge extensions that Avast said it found to contain suspicious code such as:
•Direct Message for Instagram™
•Instagram Download Video & Image
•App Phone for Instagram
•Universal Video Downloader
•Video Downloader for FaceBook™
•Vimeo™ Video Downloader
•Volume Controller
•Stories for Instagram
•Upload photo to Instagram™
•Pretty Kitty, The Cat Pet
•Video Downloader for YouTube
•SoundCloud Music Downloader
•Instagram App with Direct Message DM
Till Google and Microsoft completely finds a solution for removing the malware contained in Google and Edge extensions, Avast advised its users to uninstall and remove the extensions from their browser

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.