Over 3 million internet users have reportedly been found out to have installed about 15 Chrome as well as 13 Edge extensions that supposedly all include malicious code according to the security firm Avast.

The 28 extensions contained code that could perform several malicious operations. Avast said it found code to:

  • redirect user traffic to ads
  • redirect user traffic to phishing sites
  • collect personal data, such as birth dates, email addresses, and active devices
  • collect browsing history
  • download further malware onto a user’s device

Avast said it discovered the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues with being redirected to other sites.

Below is the list of Chrome extensions that Avast said it found to contain malicious code:

Below is the list of Edge extensions that Avast said it found to contain malicious code:

Buy Me A Coffee
READ
New York Times Source Code Stolen Using Exposed GitHub Token

Until Google or Microsoft decide what’s their course of action, Avast recommended that users uninstall and remove the extensions from their browsers.