More than two dozen malicious programs posing as third-party extensions for top social media sites have been downloaded some 3 million times, surreptitiously redirecting users to phishing sites, displaying advertisements, and stealing data, antivirus firm Avast reports.
The cybercriminals behind the 28 third-party extensions camouflaged the malicious functionality as a variety of add-on features — such as video downloaders and direct message apps — for social media sites, including Facebook, Instagram, SoundCloud, and Vimeo. The extensions are written in JavaScript, can exfiltrate information on the user, and can download and execute additional malicious code, Avast stated in a report published today.
The company found no evidence of the extensions being used as a bridge into corporate networks, but attackers may have the ability to download…