Ars Technica reports that the original developer for both extensions quire recently sold off the rights to both. The new developers have since rolled out updates that added malicious code. The discovery was made by the maker of another extension, uBlock Origin, on which the Nano Adblocker is based.
With the new malicious code, browsers infected by Nano Adblocker and Nano Defender are giving likes to large numbers of Instagram posts without user input. The infected browsers were also accessing other user accounts that weren’t already open in the browser. They are believed to be doing this by uploading authentication cookies and using them to gain access to user accounts. Google has since removed them from the Chrome Web Store. You should do the same from your browser too. Oddly enough, both extensions are also available to Mozilla Firefox and Microsoft Edge, but the versions for these browsers are unaffected. Unless you’re using edge and installed them from the Chrome Web Store. To be safe, you should at least log out of all websites on your browser. You may also want to consider changing your passwords too. (Source: Ars Technica)