Malicious Chrome and Edge Extensions Infect at least 300 Million People — What to Do

More than two dozen browser extensions for Google Chrome and Microsoft Edge can steal personal information, redirect users to advertising and phishing sites, and even install malware, Avast researchers announced yesterday (December 16).

About 300,000 users have been exposed to the new browser extensions.

Nearly 3 million people have installed 28 malicious extensions, three-quarters of which were still available in the Chrome and Edge extension stores at the time of this writing. Most of these extensions are video downloaders designed to retrieve streaming data from Facebook, Instagram, Spotify, SoundCloud, Vimeo, YouTube, and other services.

Jan Rubín, a malware researcher at Avast, stated that "extension backdoors are well hidden and are difficult for security software to detect because extensions do not exhibit malicious behavior until several days after installation."

If you have any of these extensions installed (there is a list at the end of this article), remove them immediately and thoroughly scan your computer for malware with the best anti-virus software. Browser extensions work the same way on Windows, macOS, and Linux, so all three platforms may be affected.
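To check what is actually installed before removing anything, the following added example (not code from the article or from Avast) inventories a Chromium profile's `Extensions` folder and flags entries whose ID is on a blocklist or that request site-wide access. The `BROAD` permission set, the helper names and the sample extension IDs are assumptions made for illustration; real IDs would come from Avast's list.

```python
import json
import tempfile
from pathlib import Path

# Assumption (not from the article): grants that let an extension see or
# rewrite traffic on every site, which click logging and redirection need.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*", "tabs", "webRequest"}


def audit_extensions(extensions_dir, blocklist=frozenset()):
    """Inventory <extensions_dir>/<id>/<version>/manifest.json entries."""
    records = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        record = {"id": ext_id, "version": path.parent.name, "name": None,
                  "broad": [], "blocklisted": ext_id in blocklist}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            record["name"] = "<unreadable manifest>"  # still report the ID
            records.append(record)
            continue
        requested = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
        for script in manifest.get("content_scripts", []):
            requested.update(script.get("matches", []))
        # Names may be localisation keys such as __MSG_appName__; match on ID.
        record["name"] = manifest.get("name")
        record["broad"] = sorted(requested & BROAD)
        records.append(record)
    return records


def build_sample_profile(root):
    """Write two constructed extensions (placeholder IDs) for a dry run."""
    samples = {
        "a" * 32: {"name": "Constructed Video Downloader", "manifest_version": 2,
                   "permissions": ["tabs", "<all_urls>", "storage"]},
        "b" * 32: {"name": "Constructed Notes", "manifest_version": 3,
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in audit_extensions(build_sample_profile(tmp), blocklist={"a" * 32}):
            print(rec)
```

On a real machine, pass the profile's own folder to `audit_extensions`, for example `~/.config/google-chrome/Default/Extensions` on Linux. A broad grant alone does not make an extension malicious; it only narrows down which entries deserve a closer look.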

According to Avast, the extensions' only real purpose may be to collect money by redirecting users to other websites. However, they also record every link the user clicks and send that information to a remote server, along with information about the user and the host computer.

"The actor also collects the user's date of birth, e-mail address, and device information (first sign-in time, last log-in time, device name, operating system, browser used and its version, and even IP address (of the user's approximate geographic location)), as well as IP addresses (which may be used to find a history of the user's approximate geographic location)," the Avast report states.

Worse, the extension has the power to "download more malware onto the user's PC," Avast said.

The extension's designers took great care to avoid suspicion, which may indicate that their ultimate goal is more than just ad fraud and search engine redirection. According to Avast, the extension can analyze traffic to determine whether the user is a web developer or a security researcher, and if so, it will not engage in malicious activity.

Whoever the user is, the extension waits a while before doing anything malicious.

"Extension backdoors are well hidden and are difficult for security software to detect because extensions do not exhibit malicious behavior until several days after installation," Avast states.

Google has a troubling problem with Chrome browser extensions, and the well-funded search engine giant apparently does not properly screen them before allowing them in the Chrome Web Store.

Hundreds of Chrome extensions have been kicked out of the store in 2020 alone for spying on users.

Now that Microsoft has relaunched its Edge browser to share Chrome's infrastructure, the same problem appears to be occurring.

Tom's Guide asked an Avast spokesperson if Firefox browser add-ons (Mozilla's term for extensions) are also included in this campaign.

Avast's full list of the browser extensions is below. Since many extensions have similar names, links to the Microsoft Edge or Chrome Web Store page for each extension are included to avoid confusion.
