200,000 People Have Installed The Fake “Internet Download Manager” Chrome Extension.

Mar 7, 2024

The “Internet Download Manager” Google Chrome extension, which has been downloaded by over 200,000 people, contains malware.

According to the earliest user reviews that have been published, the extension has been available on the Chrome Web Store since at least June 2019.

Although the extension may install a well-known and reliable download manager, BleepingComputer noticed the extension engaging in undesirable behaviour, including opening links to spammy websites, changing the default browser search engine, and relentlessly pestering the user with pop-ups requesting the download of more “patches” and unwanted programmes.

A Malicious Chrome Extension Has Been Installed By Over 200,000 Users:

There is a genuine Windows programme named Internet Download Manager that is produced by the Tonec software firm.

For Firefox and Chrome, Tonec does provide Internet Download Manager plugins. However, the company’s genuine Chrome extension is known as the “IDM Integration Module.”

Additionally, Tonec’s FAQ expressly advises users to avoid using any IDM extensions that may be purchased on the Google Store.

By contrast, the fake “Internet Download Manager” Chrome extension seems to be controlled by a website called “Puupnewsapp,” which claims that it “increases your download speed up to 500%” and is a “wonderful tool” for downloading games, movies, music, and “large files in minutes.” Sounds good.

The instructions given by the fake extension are even more confusing, since they raise the question of why users must download and set up multiple programmes after downloading the extension.

Users now need to download a “Windows patch” ZIP file in addition to an executable from the puupnewsapp website in order to install “Internet Download Manager,” specifically:

“hxxps://www.puupnewsapp[.]com/idman638build25.exe”

“hxxps://www.puupnewsapp[.]com/windows.zip”

The ‘idman638build25.exe’ executable appears to be a valid, signed version of the legitimate Tonec Internet Download Manager.

The ‘windows.zip’ archive analyzed by BleepingComputer contains both 32-bit and 64-bit versions of NodeJS and executes JavaScript code to adjust Chrome and Firefox registry settings.

Modifies Search Engines And Encourages Spam:

What also stood out to us was that installing the extension in a test environment changed the default browser search engine to smartwebfinder[.]com.

Along with the extension loading other websites in the browser, frequent pop-ups pushing the user to install more add-ons, such as ones for Firefox, were also noticed.

Thankfully, reviewers have noticed the suspicious activity, with some reviews dating as far back as 2019. Despite this, several (probably fraudulent) reviews claim that the extension is fine.

A quick search for “IDM,” “IDM integration add-ons,” or “Download Manager” on the Chrome Web Store will return results that include extensions with hundreds of thousands of installations and positive ratings that could seem promising.

Users should exercise caution when installing new Chrome extensions and make sure they are the legitimate ones released by reputable software suppliers, even though not all of these extensions are necessarily hazardous.
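One way to check a Chrome profile for the two signs described above, an extension whose name imitates IDM without being the “IDM Integration Module,” and an extension that replaces the default search engine. This is an added example, not code from the article or from BleepingComputer's analysis. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json` and the `chrome_settings_overrides` manifest key; the article does not say by which mechanism the search engine was changed, so the override check covers only one possible route.

```python
import json
import re
from pathlib import Path

LEGIT_NAME = "IDM Integration Module"  # Tonec's genuine extension name, per the article
LOOKALIKE = re.compile(r"internet download manager|\bidm\b", re.I)
FLAGGED_HOSTS = ("smartwebfinder.com",)  # search engine named in the article, refanged

def display_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name from _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    if not placeholder:
        return name
    path = Path(ext_dir, "_locales", str(manifest.get("default_locale", "en")), "messages.json")
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        by_key = {k.lower(): v for k, v in messages.items()}  # message keys are case-insensitive
        return str(by_key[placeholder.group(1).lower()]["message"])
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return name  # keep the raw placeholder if the locale file is missing or malformed

def audit_extension(ext_dir):
    """Return a list of findings for one <profile>/Extensions/<id>/<version>/ directory."""
    try:
        manifest = json.loads(Path(ext_dir, "manifest.json").read_text(encoding="utf-8-sig"))
        overrides = manifest.get("chrome_settings_overrides") or {}
        search_url = str((overrides.get("search_provider") or {}).get("search_url", ""))
    except (OSError, ValueError, AttributeError):
        return ["manifest.json missing or unparsable"]
    findings = []
    name = display_name(ext_dir, manifest)
    if LOOKALIKE.search(name) and name != LEGIT_NAME:
        findings.append(f"name {name!r} resembles IDM but is not {LEGIT_NAME!r}")
    if search_url:
        hit = any(host in search_url.lower() for host in FLAGGED_HOSTS)
        findings.append(f"overrides default search ({'FLAGGED host' if hit else 'review'}): {search_url}")
    return findings

def audit_profile(extensions_root):
    """Map each extension directory (relative path) to its findings, omitting clean ones."""
    dirs = sorted(p.parent for p in Path(extensions_root).glob("*/*/manifest.json"))
    report = {d.relative_to(extensions_root).as_posix(): audit_extension(d) for d in dirs}
    return {ext: findings for ext, findings in report.items() if findings}

if __name__ == "__main__":  # usage: python audit.py "<profile dir>/Extensions"
    import sys
    for root in sys.argv[1:]:
        print(json.dumps(audit_profile(root), indent=2))
```

A matching name is not proof of authenticity, since a fake can copy the genuine name exactly; treat a clean result as "nothing obvious" and confirm the publisher through Tonec's own site.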