Malicious code in 28 browser extensions for both Chrome and Edge have been detected by researchers. More than three million people have been believed to install the plug-ins.
Cybersecurity company Avast made an analysis of the extensions last month, following a study by Czech researchers at CZ.NIC. According to these researchers, some of those extensions have been active since at least December 2018.
Malicious activities such as redirecting users to ads and phishing sites, collecting personal data and browsing history, and downloading other malware onto the host device have apparently occurred in the process. Avast indicated that the main objective of the malwares was to hijack user traffic for monetary gains. The hackers got paid whenever a user got redirected to a third-party domain.