Browser extensions are small blocks of code that allow users to customise the browsing experience and add additional features and functionalities to a basic browser. These features can include blocking advertisements, changing the appearance of web pages, grammar-checking your writing, and much more. Extensions can be downloaded typically for free from official browser provider sites, for instance Chrome’s, Safari’s, and Mozilla’s online stores, or from other sites. As they improve the convenience, productivity, and efficiency of browsers for both personal and work-related activities, extensions have become increasingly popular.
Browser extensions, however, are not always as secure as they look, and can pose a significant challenge to cybersecurity. As a matter of fact, extensions can be easily downloaded with just one click, typically have full access to the contents of any web page the user loads and can handle sensitive data. This has made extensions a valuable target for threat actors.
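The all-sites access described above is declared in an extension's manifest.json, so it can be checked before or after installation. The following JavaScript is an added example, not part of the original article: it flags manifests that request access to every site or to sensitive browser data. The sample manifests and the choice of which permissions to flag are constructed assumptions.

```javascript
// Added example: flag extensions whose manifest grants access to every site.
// Match patterns that cover all (or nearly all) web pages.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Permissions that expose browsing activity or stored data (assumed watch list).
const SENSITIVE_PERMISSIONS = new Set(["tabs", "webRequest", "cookies", "history", "clipboardRead"]);

function auditManifest(manifest) {
  const findings = [];
  const perms = manifest.permissions || [];
  // Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
  const hosts = [...perms, ...(manifest.host_permissions || [])];
  for (const p of hosts) {
    if (BROAD_PATTERNS.has(p)) findings.push(`host access to all sites: ${p}`);
  }
  // Content scripts run inside pages matching "matches" and can read their contents.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (BROAD_PATTERNS.has(m)) findings.push(`content script on all sites: ${m}`);
    }
  }
  for (const p of perms) {
    if (SENSITIVE_PERMISSIONS.has(p)) findings.push(`sensitive permission: ${p}`);
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const grammarHelper = {
  manifest_version: 3,
  name: "Sample Grammar Helper",
  permissions: ["storage", "tabs"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
const siteTheme = {
  manifest_version: 3,
  name: "Sample Site Theme",
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["theme.js"] }],
};

console.log(auditManifest(grammarHelper)); // three findings
console.log(auditManifest(siteTheme));     // no findings
```

A finding is not proof of malice, since many legitimate extensions need broad access; it marks the extensions whose publisher and update history deserve the closest scrutiny.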
Malicious extensions, and “good” extensions gone bad
Seeing the popularity of browser extensions, cybercriminals have found ways to package malware inside seemingly legitimate extensions. As a matter of fact, these add-ons may impersonate legitimate and popular extensions, or may have legitimate and helpful functions in addition to the malicious ones. Malicious extensions allow threat actors to perform many illicit activities, including spying on users’ web activity, and stealing sensitive data, including passwords, and personal and financial information.
Threat actors have also managed to distribute malicious extensions through browsers’ official marketplaces. In 2020, Google found and subsequently removed over 106 extensions from the Chrome Web Store, which had been downloaded over 32 million times. These malicious extensions were responsible for tracking and stealing sensitive information, including passwords, and could even take screenshots. The users who had downloaded these malicious extensions included businesses as well, giving threat actors access to financial services firms, oil and gas companies, and healthcare and government organisations.
The most popular type of malicious extension is the one containing adware. Threat actors insert unwanted software in the extensions that allows them to generate revenue by automatically displaying a high number of advertisements on users’ screens. The second most popular type is extensions that contain malware, which can track users’ activity, steal information, gain access to users’ cameras and photos, and access users’ emails and sensitive data. Legitimate extensions can also turn into malicious ones at a later time. In fact, legitimate extensions can be hijacked or bought by threat actors, who can then push updates containing malicious code, which will inject malware into the extension.
According to Kaspersky’s findings, between 2020 and 2022 almost 7 million users attempted to download malicious browser extensions, of which 70% were infected with adware.
How to stay protected
To avoid inadvertently installing malicious extensions there are some elements to pay particular attention to:
The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.
The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.