Explainer: How malicious browser extensions are putting millions of users at risk
Why are browser extensions so popular?
Browser extensions are popular because they allow users to improve convenience, productivity, and efficiency for free. These add-ons help users to block ads, maintain a to-do list or check their spelling, etc.
How malicious add-ons are distributed
Official extension markets available on major web browsers are usually the source of these unwanted add-ons. According to the report, in 2020, Google removed 106 browser extensions from its Chrome Web Store that were used to steal sensitive user data such as cookies and passwords. The report also mentions that these malicious extensions capable of taking screenshots of users’ private data have been downloaded 32 million times. These harmful add-ons not only victimized individual users but also attacked several companies.
Users attacked by malicious browser extensions
According to Kaspersky’s report, 4.3 million unique users were attacked by adware hidden in browser extensions between January 2020 and June 2022, nearly 70% of all users affected by malicious add-ons.
The report adds that throughout the first half of 2022, more than 1.3 million users attempted to download unwanted extensions at least once, representing more than 70% of the number of users affected by the same threat. throughout last year.
According to the report, the most common threat in the first half of 2022 was the Internet search family of adware extensions capable of collecting and analyzing search queries and promoting affiliate links. These figures reflect how browser extensions are the main delivery channels for adware compared to any other delivery mechanism.
However, these are only the numbers of users using Kaspersky’s software. These numbers will increase when users protected by other security providers are also taken into account.
The biggest threats of 2022
Among all major malicious browser extensions, WebSearch’ was the biggest threat, confirms Kaspersky. The company even detected related extensions that mimic productivity tools such as DOC to PDF converters and document merging utilities that have already targeted 876,924 users in 2022. Additionally, WebSearch is also capable of altering the page of browser home to generate funds from the extension by clicking on affiliate links on search results.
“DealPly” was the third most popular adware infecting users’ devices through malicious extensions, responsible for more than 90,000 infection attempts in the first half of the year. The report mentions that this adware starts with the installation of pirated software such as KMS activators and game cheat engines downloaded from peer-to-peer networks and shady sites. Then it automatically injects browser extensions and adds new registry keys. These keys ensure that if users remove the extension, it is re-downloaded and installed on the browser when the program is relaunched.
How to stay safe
The report also recommended ways to protect browsers from adware infections. Users need to download the extensions from the official web store of the browser. Before downloading them, users should also go through user comments and reviews, as well as perform a background check of the developer/publisher.