Third-party add-ons for popular social media? They turned out to be malware

More than twenty malicious programs posing as third-party plug-ins for popular social media services have been discovered; they were built to evade detection and make money. The plug-ins have been downloaded more than 3 million times and include functions such as displaying ads or diverting users to malicious pages. Security firm Avast has disclosed the findings in detail.

Avast has found a total of 28 such fake or malicious plug-ins so far. The attackers lured people with promises such as downloading videos from, or quickly sending messages to other users on, popular social networking sites such as Facebook, Instagram, SoundCloud, and Vimeo. The malicious plug-ins are written in JavaScript, and most of them are said to include a function that leaks user data.

No attempts to infiltrate corporate networks via these plug-ins have been detected to date. “That doesn’t mean that the victims’ organizations are completely safe,” warns Jan Rubin, an Avast malware researcher. This is because “it could have infiltrated the enterprise through a separate attack by collecting information such as credentials from the victim system.” For this reason, Avast is said to be planning a post with specific technical descriptions.

Malicious plug-ins are a tactic that attackers commonly use: they hide malicious code inside a plug-in and trick users of popular browsers into installing it. In February, independent security expert Jamila Kaya and security company Duo Security discovered more than 500 malicious Chrome plug-ins that were able to steal users’ data stored in the browser. In June, Awake Security also uncovered over 70 malicious plug-ins on the Chrome Web Store.

In the case of the malicious plug-ins Avast discovered this time, when users click a link while browsing, they are first routed through a URL controlled by the attacker and only then connected to the original destination. In addition, the plug-ins gather users’ dates of birth, email addresses, and device information.
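The click routing described above (a click passes through an attacker-controlled URL before reaching the link the user chose) leaves a recognisable pattern in navigation telemetry. The following is an added detection sketch, not code from Avast or from this article; the event format, the placeholder hosts and the `min_destinations` threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample telemetry: the link the user clicked and the URLs the
# browser then requested, in order. All hosts are placeholders.
EVENTS = [
    {"user": "u1", "clicked": "https://news.example/story",
     "chain": ["https://track.invalid/r?id=1", "https://news.example/story"]},
    {"user": "u1", "clicked": "https://shop.example/item/7",
     "chain": ["https://track.invalid/r?id=2", "https://shop.example/item/7"]},
    {"user": "u2", "clicked": "https://video.example/watch",
     "chain": ["https://track.invalid/r?id=3", "https://video.example/watch"]},
    # Benign: the user clicked a shortener link, so the first hop matches the click.
    {"user": "u2", "clicked": "https://short.example/abc",
     "chain": ["https://short.example/abc", "https://news.example/other"]},
    # Benign: same-host upgrade from http to https.
    {"user": "u3", "clicked": "http://shop.example/",
     "chain": ["http://shop.example/", "https://shop.example/"]},
]


def host(url):
    return (urlsplit(url).hostname or "").lower()


def interposed_hop(event):
    """Return the host inserted before the clicked destination, or None."""
    chain = event["chain"]
    if len(chain) < 2:
        return None
    first, target = host(chain[0]), host(event["clicked"])
    # Hijack pattern: the first request goes somewhere the user did not
    # click, yet the chain still ends on the clicked host.
    if first != target and host(chain[-1]) == target:
        return first
    return None


def suspicious_interposers(events, min_destinations=3):
    """Hosts interposed before at least min_destinations distinct clicked hosts."""
    seen = defaultdict(set)
    for ev in events:
        hop = interposed_hop(ev)
        if hop:
            seen[hop].add(host(ev["clicked"]))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}
```

A host that sits in front of many unrelated destinations the user clicked directly is worth correlating with the list of extensions installed on the affected machines.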

Specifically, the view is that “the motive of the attackers seems to be ‘money’.” It is also said that the malicious functions may expand in different ways. Avast said, “It seems that their main purpose is to incur advertising costs by bypassing multiple URLs.” The attackers may have built the plug-ins for this purpose from the start, or they may have created legitimate apps first and inserted the malicious features through an update only after the number of users grew. In other words, in the future, it is extremely likely that there will be new proposals.

This attack was first discovered last month. The plug-ins were promoted under names such as Video Downloader for Facebook, Vimeo Video Downloader, and Instagram Story Downloader. The backdoor function is quite skillfully hidden, and the malicious function is said to activate a few days after installation. “It’s designed in a way that’s good to avoid security software,” Rubin explains.

There is one more notable function. The malicious function stops when the user begins looking for information about the malicious domains. After that, a process begins to determine whether the user is an observer or a developer. “It looks at the plug-ins in the browser. If the user has a number of programs related to web development or analytics, it disables itself as far as possible to conceal its presence.”

Analysis indicates that these malicious plug-ins primarily target users in Ukraine. Nevertheless, there are already quite a few download records in Brazil, Spain and Argentina. After receiving reports from Avast, both Google and Microsoft began investigating.