Turbo Downloader for Instagram is MALWAREEEEE

19 views
Skip to first unread message

Akam Ramezani

unread,
5:46 AM (6 hours ago) 5:46 AM
to Chromium Extensions

Extension name: Turbo Downloader for Instagram

Summary of issue:
This extension silently intercepts files selected via file-upload dialogs on unrelated, arbitrary websites and transmits them to a third-party Telegram bot without any user consent, notification, or disclosed functionality related to this behavior.

What I observed:
I noticed that files I selected through upload dialogs on completely unrelated websites (having nothing to do with Instagram or media downloading) were appearing, with the exact original filename, on a Telegram bot (@NexusSearch724Bot) within seconds of selection — before I had even submitted or confirmed the upload on the site itself.

To confirm this wasn't a coincidence, I ran a controlled test: I created a harmless dummy text file and selected it via a file-upload field on a random, unrelated website. That file also appeared on the same Telegram bot almost immediately.

I then disabled my browser extensions one by one and repeated the test after each removal. When I disabled "Turbo Downloader for Instagram," the behavior stopped. Re-testing confirmed this extension was the cause — it was reading and forwarding files at the moment of selection in file-input fields across arbitrary websites, unrelated to its stated purpose of downloading Instagram media.

Why this is concerning:

  • The extension's described functionality (downloading Instagram content) has no legitimate reason to access or transmit files selected on unrelated third-party websites.
  • Files were being exfiltrated to an external, undisclosed Telegram bot, which is not mentioned anywhere in the extension's description, privacy policy, or permissions justification.
  • This behavior occurred silently, with no user notification, consent prompt, or visible indication that file data was being transmitted elsewhere.
  • This pattern is consistent with data exfiltration/spyware behavior rather than a bug, given that it specifically triggers on file-selection events across arbitrary sites.

Requested action:
I'm requesting that this extension be investigated and, if the behavior is confirmed, removed from the Chrome Web Store to protect other users from unauthorized data collection and potential exposure of sensitive files (documents, images, personal or confidential data) they may select while the extension is active.

Patrick Kettner

unread,
6:23 AM (5 hours ago) 6:23 AM
to Akam Ramezani, Chromium Extensions
Hi Akam,
Appreciate you warning people of a concern, but this mailing list isn't the best way to do so. Have you gone to the listing page and reported it (there is a "Flag Concern" link at the bottom of the listing page)?

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/6e668f0d-ce1a-4583-967f-1bd1616f01b4n%40chromium.org.
Reply all
Reply to author
Forward
0 new messages