- What is a malicious browser extension?
- How do malicious browser extensions work?
- How do malicious browser extensions get installed on your computer?
- The dangers of malicious browser extensions
- How to detect malicious Chrome extensions
- How to get rid of malicious Chrome extensions
- Malicious extensions on other browsers
- How to avoid malicious browser extensions
What is a malicious browser extension?
In simple terms, malicious browser extensions are small units of software infected with malicious code. The code is executed during the simple installation process. That way, sensitive user data is extracted without users’ knowledge.
From the beginning, browser extensions, or plug-ins, were meant to add functionality to websites and ease our day-to-day online chores, like checking for spelling mistakes, making notes, or blocking annoying ads. Turns out, browser extensions are the perfect medium to spread malware and exploit users.
How do malicious browser extensions work?
Some browser extensions are developed with malware from the beginning. Once a user downloads and installs the extension, the malicious code activates, causing harm to the device. A worse scenario is when browser extensions look innocent initially, but once downloaded and installed, they are updated with malicious code.
How do malicious browser extensions get installed on your computer?
Adware extensions can get into computer systems in various ways. The most common scenario is that we install them voluntarily. Usually, these add-ons are distributed through legitimate and official marketplaces. Over 30 malicious extensions were recently removed from the official Chrome Web Store by Google. They were downloaded 75 million times. Other times, malicious browser extensions invade users’ computers with illegally downloaded content from dubious websites or simply through malvertising. Potentially unwanted programs, such as the Wave browser virus, can sometimes install malicious plug-ins, too.
The dangers of malicious browser extensions
Today, our digital data is more valuable than ever, but the damage goes beyond personal data being breached, monitored, and stolen. Malicious or unwanted extensions affect our devices by slowing them down and wearing out parts. Replacing devices earlier than they would otherwise need to be replaced leads to direct economic loss.
Sensitive information theft
Bad news for those who love shopping online. After we check out and pay with our hard-earned money, our browser remembers our usernames, sometimes even passwords. Other times, we leave our credit card information on websites for further purchases, which is not recommended. Some malicious extensions like “Cloud9” perform keylogging activities like keystroke tracking. In plain language, that means they spy on victims’ browser activity, snooping for valuable information like credit card details, banking passwords, and other sensitive data.
Distribution of malware and viruses
Most malicious browser extensions can install a keylogger to track users’ browser activity, which usually affects a narrow network or is localized on one PC. Unfortunately, a new wave of Chrome extensions can establish footholds on victims’ or companies’ computers. That allows hackers to sneak into the organization’s network. Once inside the system, hackers can get around network defenses, spy on other computers, and distribute viruses throughout the network.
Impact on system performance and stability
Browser extensions usually speed up our online tasks by blocking unwanted or annoying ads. The opposite happens when malicious extensions are installed since they are not optimized for performance enhancement. Moreover, they can drastically slow down your computer by using its resources, corrupting personal data and programs, or simply trying to run down the system.
How to detect malicious Chrome extensions
Detecting malware extensions is relatively easy. Here are a few simple cyber hygiene practices anyone can follow.
- Update your browser: The first simple piece of advice is to keep your Chrome browser updated. Enabling Chrome’s Enhanced Safe Browsing technology or using Chrome virus scan might also be helpful since it provides real-time scanning for known phishing and malware sites.
- Developer’s background check: Ensure the extension developers are trustworthy and have a public profile or designated website before downloading any software. Check if the listed name on the extension matches the real developer’s name. The best idea is to download the Chrome extension directly from a trustworthy website instead of cluttered marketplaces. Sometimes marketplaces are crammed with fake developer extensions, which is a red flag.
- Check the behavior of your browser: Check your browser for anything suspicious. If you are bombarded with large amounts of advertising, you may have adware installed on your computer. You can identify a malicious extension by checking the activity of all your extensions and deactivating them one by one.
- Always double-check required permissions: Some extensions require permissions that don’t align with the app’s functionality. If the extension requires access to sensitive data or personal information, like your emails, it’s probably malicious. Consider that before the installation.
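The permission check described above can also be run against extensions that are already installed. This is an added example, not code from the original article: it assumes the usual layout of a Chrome profile's `Extensions` folder (`<extension id>/<version>/manifest.json`), the list of sensitive permissions is a hand-picked assumption, and the two sample manifests are constructed.

```python
import json
from pathlib import Path

# Real Chrome permission names that expose browsing data or traffic.
SENSITIVE_API = {"cookies", "history", "tabs", "webRequest", "clipboardRead",
                 "debugger", "management", "proxy", "nativeMessaging"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Summarise what an extension manifest asks for."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = list(manifest.get("host_permissions", []))              # Manifest V3
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]  # Manifest V2
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    report = {
        "name": manifest.get("name", "?"),
        "sensitive": sorted(set(perms) & SENSITIVE_API),
        "broad_hosts": sorted(set(hosts) & BROAD_HOSTS),
    }
    # Heuristic only: broad reach plus sensitive APIs deserves a manual look.
    report["review"] = bool(report["sensitive"] and report["broad_hosts"])
    return report

def scan_extensions(ext_dir):
    """Audit every <extension id>/<version>/manifest.json under ext_dir."""
    reports = []
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        reports.append({"id": path.parts[-3], **audit_manifest(manifest)})
    return reports

# Constructed sample manifests (not real extensions).
SPELL_CHECKER = {"name": "Quick Spell Check", "manifest_version": 3,
                 "permissions": ["storage", "cookies", "webRequest"],
                 "host_permissions": ["<all_urls>"]}
NOTE_TAKER = {"name": "Side Notes", "manifest_version": 3,
              "permissions": ["storage"],
              "host_permissions": ["https://notes.example.com/*"]}

if __name__ == "__main__":
    for sample in (SPELL_CHECKER, NOTE_TAKER):
        print(audit_manifest(sample))
```

A `review` flag is a prompt to compare the requested access with what the extension claims to do, not proof of malice: ad blockers and password managers legitimately need broad access.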
How to get rid of malicious Chrome extensions
Funny, but to remove malicious Chrome extensions, you might need a Chrome extension that can detect threats and malicious code. After installing one, you will be notified if a downloaded file has malicious properties. The second way is to remove extensions manually from your browser. You can do that by going to the extension menu and removing them individually. Finally, restoring your Chrome browser to its default settings is a good option.
Malicious extensions on other browsers
Chrome ranks as the browser most affected by malicious extensions because it’s the most popular, but that doesn’t mean other browsers carry less of a threat. Microsoft Edge, Safari, and Chromium are just a few of the many others infected by malicious extensions daily. Here are some common browser extensions that are considered harmful.
Netflix Party: The Netflix Party extension was designed for synchronized content viewing. Unfortunately, it tracked users’ digital data footprint and injected browsers with affiliate links. Fraudsters used Netflix Party to abuse users’ browsing history to earn money.
SaveFrom.Net: Downloading media from sites like TikTok, YouTube, or Facebook with one click is a desirable feature. That’s why add-ons like SaveFrom.Net became popular, but popularity comes with a price. The extension collected and leaked users’ IP addresses and browsing behavior data.
Full Page Screenshot Capture: For those who don’t like keyboard shortcuts to take screenshots, extensions like Full Page Screenshot Capture provide the opportunity to take full-page screenshots with one click. More than 200,000 users installed these adware extensions. Turns out screenshot browser add-ons also tracked users’ private data and changed the location of cookies on e-commerce websites to disguise their original URLs as referral sites.
How to avoid malicious browser extensions
The growing interest in browser extensions opened the gate for fraudsters to make accurate copies of successful add-ons. Those legitimate-looking copies even appeared on the Chrome Web Store. So naturally, users didn’t pay much attention until their privacy was compromised. Besides reviews and product ratings, here are a few other things to consider before adding extensions to your browser:
- Download browser extensions from legitimate developers’ websites.
- Pay attention to the privileges that extensions require.
- Go through the product description.
- Scan browser extensions with antivirus software or use Threat Protection tools.