Malicious Extensions Put Millions at Risk
Recent reports indicate that several popular extensions, including those offering dark mode and adblocking in Google’s browser, have been compromised by hackers. This breach has put an estimated 3.2 million Chrome users at risk, emphasizing the importance of regular extension checks.
The Browser Extensions in Question
- Blipshot (one click full page screenshots)
- Emojis – Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock für Chrome | Chrome-Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome – NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
Why Should You Be Concerned?
A malicious extension might not seem as threatening as a malicious phone app, but remember, our browsers store a wealth of personal and sensitive data. From browsing history and cookies to passwords and payment information, all this data can be stolen and used against us by hackers.
Understanding the Threat
The malicious extensions in question are utilities designed to enhance your browsing experience. From YouTube add-ons to emoji keyboards and adblockers, these extensions appear useful, which is why Chrome users installed them without hesitation.
The Permissions Trap
What caught the attention of security researchers was the permissions these extensions requested. They were designed to interact with any website a user visits and inject and execute code on web pages. Though these extensions have been removed from the Chrome Web Store, if they’re currently installed in your browser, you need to delete them manually.
The Unusual Case of Legitimate Extensions Gone Bad
Unlike typical malicious extensions or apps, these weren’t built from scratch for data theft. Instead, these were legitimate extensions that turned rogue due to malicious updates injected into them. The hackers gained control over these extensions in various ways, including phishing attacks on their developers and voluntary transfers of control.
The Motive Behind the Malice
The purpose of controlling these extensions varied. Some were used to inject harmful scripts into users’ browsers, others stole data, and some engaged in search engine fraud to drive clicks (and ad revenue) to hacker-controlled sites.
Protecting Your Browser
Browser extensions can enhance your web experience, but they can also pose risks. Many extensions are created by solo developers or smaller companies, making it challenging to determine their legitimacy. It’s essential to examine all permissions an extension requests before installing it and especially before granting access.
Check Your Browser Extensions Regularly
Just like you maintain your phone apps, it’s essential to regularly review your browser extensions and their permissions. You could unknowingly have a malicious extension installed in your web browser, posing a significant risk to your online security.
Red Flags and Reviews
Unnecessary permissions can be a major red flag indicating a potentially malicious extension. Reading reviews and looking at ratings can help weed out the bad ones, but remember, these can be faked. It’s always a good idea to look for an external review or a video review before installing an extension.
Practice Good Cyber Hygiene
Even good extensions can go bad, so it’s vital to audit your browser extensions periodically. If you haven’t used a particular extension in some time, it’s better to remove it. By limiting the number of extensions you have installed, you can significantly reduce the risk of having a malicious one in your browser.
Stay Vigilant
With hackers and cybercriminals constantly spreading malicious software, it’s up to you to practice good cyber hygiene. Be mindful when granting an extension or app access to the permissions it requests upon installation. Stay safe, and stay vigilant.