AddScript Injects Malicious JavaScript Code
Securelist recently released an in-depth look at some of the most widespread malicious browser extensions that computer users had to contend with during the first half of 2022. One of those is the extension named AddScript.
According to Securelist researchers, extensions belonging to the AddScript family of variants may have some sort of useful functionality embedded in them but they also perform a number of malicious activities under the hood.
The malicious code contained in AddScript clones is obfuscated. The extension links up to its command and control server and receives malicious JavaScript code from the server. There is no trace of the additional malicious code that executes apart from increased system load, specifically CPU load.
The malicious JavaScript inserts can perform various functions, including silently "viewing" videos on the victim's computer, generating revenue for the AddScript operator in the process. Different variations of AddScript perform cookie stuffing - filling the victim's browser with cookies that are usually dropped when an affiliate link is clicked.
Some extensions that carry versions of AddScript are "SaveFrom.net helper" and "Y2Mate – Video Downloader", among others.