Over three million people have installed 28 different malicious web extensions between the Chrome and Edge browsers on their computers. The extensions can redirect users to ads, or phishing sites, collect personal data and browsing history, and download more malware. Researchers at Avast stated that though attackers could do all the previously listed items, they were primarily using their access to hijack user traffic for monetary gains. For every redirect that happened because of the extensions, the attackers would get paid by the third-party company. It is unclear if the extension creators made the extension with malicious code in them initially or if they added it after the extension became popular.
Analyst Notes
If the malicious code was added after the extension gained popularity, it would be harder for a person to protect themselves from attacks like these. Any extension that is added to a web browser should be fully vetted before it is installed. It is not recommended that people save their passwords in their browser because some extensions that become malicious can steal these passwords. Avast has reported the extensions to the appropriate people.
The list of malicious extensions and more information can be found here: https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/
