Millions of us use malicious browser extensions without realizing it
Malicious browser (opens in a new tab) the extensions are becoming so widespread that millions of users have apparently installed them.
A new report from Kaspersky analyzing telemetry data from its endpoint protection solution and revealed that over the past two and a half years (between January 2020 and June 2022), more than 4.3 million unique users had been attacked by adware hidden in browser extensions. In other words, around 70% of all affected users have encountered this type of threat.
Furthermore, it claims to have prevented more than six million users from downloading malware, adware and risky software disguised as browser extensions during this period.
Adware and Malware
These extensions target users daily with adware and other forms of malware, unaware that they are actually under attack.
The most popular type of malicious browser extension is adware – unwanted software that promotes affiliates rather than improving user experience. These extensions monitor user behavior through browser history, in order to redirect them to affiliated pages and thus earn a commission for their creators. According to Kaspersky, WebSearch is the largest in this category, detected by an antivirus (opens in a new tab) programs like not-a-virus:HEUR:AdWare.Script.WebSearch.gen, and downloaded nearly 900,000 times.
Although this tool promises to improve the experience of office workers (by simplifying the conversion between .doc and .pdf files, for example), it actually changes the browser’s start page and uses resources to gain extra money via affiliate links.
The extension also changes the browser’s default search engine to myway, which captures user queries, collects them, analyzes them, and then serves victims’ affiliate links in search engine results pages.
The second most popular type is malware (opens in a new tab)typically designed to steal login credentials and other sensitive information, such as payment data.
The best way to protect your devices from malicious browser plugins is to always make sure you download them from trusted sources and check reviews and ratings.
- Protect your business with the best terminal (opens in a new tab) protection