Why malicious browser extensions are particularly nasty

Home » Blog » Why malicious browser extensions are particularly nasty

Pay attention to the dangers of browser extensions.

Individuals tend to pay little attention to the dangers of browser extensions. They install many of them and hand out consent to read and change any data in the browser. We are not saying to stop using browser extensions, but instead to be aware of what permissions you are allowing on your computer.

A browser extension adds features and functions to a browser – such as Google Chrome, Firefox, and Microsoft Edge. Here are just a few examples of the things browser extensions can do:

  • Use an add-on to deliver additional in-browser features or information from your website
  • Allow users to collect details from pages they visit to enhance the service you offer
  • Manipulate the content of web pages; for example, letting users add their favorite logo or picture as a background to every page they visit
  • Help users see the web the way they want to
  • Add new features to a taskboard, or generate QR code images from URLs, hyperlinks, or page text
  • Incorporating gameplay into everyday browsing

In a nutshell, there are three major problems with browser extensions.

The first major problem with browser extensions is the level of access to user data they have.

To function properly, any plugin usually needs your consent to read and change all your data on all websites. And yes, it means exactly what it says.

As a rule, browser plugins ask for consent to view and change all your data on all sites. That is, they see absolutely everything you do on all sites you visit, and can arbitrarily change the content of a displayed page.

Here’s what this potentially allows extension creators to do:

  • Track all user activities in order to collect and sell information about them
  • Steal card details and account credentials
  • Embed ads in web pages
  • Substitute links in search results
  • Replace the browser’s home page with an advertising link

Note that a plugin’s malicious functionality can evolve over time.  There have been cases when malicious features appeared in a previously safe extension after its creators sold the plugin to someone else.

The second problem is that users generally pay little attention to the dangers of browser extensions: they install many of them and hand out consent to read and change any data in the browser.

What choice have they got? If they refuse, the plugin simply won’t work. In theory, the moderators of the stores where these plugins are placed should monitor the safety of extensions.

But — problem number three — as is clear from the above, they don’t do this too well.

Even Google’s official Chrome Web Store had dozens of malicious extensions crawling around in it. Moreover, they can remain there for years — despite users’ reviews.

What to do if you’ve installed a malicious extension

Bear in mind that, if a plugin is banned from a browser’s store, this doesn’t mean it will be automatically removed from the devices of all users who installed it. So it’s worth checking if you’ve any malicious extensions installed on your device. Delete immediately malicious plugins, and, if necessary, download a safe alternative.

How to defend yourself against malicious browser extensions

You should never rely unconditionally on the moderators of stores where you get your browser extensions. It’s always wise to take some precautions of your own. Here’s how to protect yourself from malicious plugins:

  • Don’t install too many browser extensions. The fewer — the safer.
  • Before installing an extension, please read the reviews about it. Sure, this is no guarantee of security, but in some cases, it will at least help unmask a malicious plugin.
  • Review your list of installed extensions from time to time and get rid of ones you don’t use/really need.
  • Install reliable protection on all your devices.

One Call. One Team. One Goal – Helping Your Business Grow

Source: https://www.kaspersky.com/blog/dangerous-chrome-extensions-87-million/48562/?utm_source=newsletter&utm_medium=Email&utm_campaign=kd%20weekly%20digest

Subscribe To Our Newsletter

Newsletter Signup