Browser extensions are small blocks of code that allow users to customise the browsing experience and add features and functionality to a basic browser. These features can include blocking advertisements, changing the appearance of web pages, grammar-checking your writing, and much more. Extensions can typically be downloaded for free from official browser provider sites, for instance Chrome’s, Safari’s, and Mozilla’s online stores, or from other sites. As they improve the convenience, productivity, and efficiency of browsers for both personal and work-related activities, extensions have become increasingly popular.
Browser extensions, however, are not always as secure as they look, and can pose a significant challenge to cybersecurity. Extensions can be downloaded with just one click, typically have full access to the contents of any web page the user loads, and can handle sensitive data. This has made extensions a valuable target for threat actors.
Malicious extensions, and “good” extensions gone bad
Seeing the popularity of browser extensions, cybercriminals have found ways to package malware inside seemingly legitimate extensions. These add-ons may impersonate legitimate and popular extensions, or may have legitimate and helpful functions in addition to the malicious ones. Malicious extensions allow threat actors to perform many illicit activities, including spying on users’ web activity and stealing sensitive data such as passwords and personal and financial information.
Threat actors have also managed to distribute malicious extensions through browsers’ official marketplaces. In 2020, Google found and subsequently removed over 106 extensions from the Chrome Web Store, which had been downloaded over 32 million times. These malicious extensions were responsible for tracking and stealing sensitive information, including passwords, and could even take screenshots. The users who had downloaded these malicious extensions included businesses as well, giving threat actors access to financial services firms, oil and gas companies, and healthcare and government organisations.
The most popular type of malicious extension is one containing adware. Threat actors insert unwanted software in the extensions that allows them to generate revenue by automatically displaying a high number of advertisements on users’ screens. The second most popular type is extensions that contain malware, which can track users’ activity, steal information, gain access to users’ cameras and photos, and access users’ emails and sensitive data. Legitimate extensions can also turn into malicious ones at a later time: they can be hijacked or bought by threat actors, who can then push updates containing malicious code, which will inject malware into the extension.
According to Kaspersky’s findings, between 2020 and 2022 almost 7 million users attempted to download malicious browser extensions, of which 70% were infected with adware.
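The point above about legitimate extensions turning malicious through an update can be checked from the defender's side by comparing what two versions of an extension's `manifest.json` request. The following is an added example, not code from the article or from any browser vendor; the function names, the list of sensitive permissions chosen, and both sample manifests are constructed for illustration.

```javascript
// Host patterns that give an extension access to every page the user loads.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// Extension API permissions that expose browsing activity or stored data
// (an illustrative selection, not an exhaustive list).
const SENSITIVE_APIS = new Set(["tabs", "cookies", "history", "webRequest",
  "clipboardRead", "scripting", "debugger"]);

// Collect everything a manifest requests: API permissions, host permissions
// (Manifest V3 key) and content-script match patterns.
function requestedAccess(manifest) {
  const out = new Set();
  for (const p of manifest.permissions || []) out.add(p);
  for (const h of manifest.host_permissions || []) out.add(h);
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) out.add(m);
  }
  return out;
}

// Entries that grant access to all sites or to sensitive browser APIs.
function riskyAccess(manifest) {
  return [...requestedAccess(manifest)]
    .filter((p) => BROAD_HOSTS.has(p) || SENSITIVE_APIS.has(p))
    .sort();
}

// What does the newer version request that the older one did not?
function addedByUpdate(oldManifest, newManifest) {
  const before = requestedAccess(oldManifest);
  return [...requestedAccess(newManifest)].filter((p) => !before.has(p)).sort();
}

// Constructed samples: a grammar helper before and after a suspicious update.
const sampleOld = { manifest_version: 3, name: "Example Grammar Helper",
  version: "1.4.0", permissions: ["storage"],
  host_permissions: ["https://docs.example.com/*"] };
const sampleNew = { manifest_version: 3, name: "Example Grammar Helper",
  version: "1.5.0", permissions: ["storage", "cookies", "webRequest"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }] };

console.log("Added by update:", addedByUpdate(sampleOld, sampleNew));
console.log("Risky in new version:", riskyAccess(sampleNew));
```

An update that moves from one named site to `<all_urls>` and adds `cookies` or `webRequest` is worth reviewing before it is allowed onto managed browsers.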
How to stay protected
To avoid inadvertently installing malicious extensions there are some elements to pay particular attention to:
The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.
The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.