Explained: How malicious browser extensions are putting millions of users at risk – Times of India

All the major web browsers like — Chrome, Bing, Safari and other platforms offer thousands of extensions to be distributed via their online stores. According to a report by Kaspersky, the most popular plug-ins there reach over 10 million users. However, not all browser extensions are secure as “innocent-looking add-ons can also be a real risk.” The report adds that these harmful add-ons can promote themselves as important and commonly have legitimate functions integrated along with illegitimate ones. Moreover, some even disguise themselves as “popular legitimate extensions” while the cyber attackers handling them add several keywords for these to appear near the top of the browser’s extension store.
Why are browser extensions so popular?
Browser extensions are popular as they allow users to improve — convenience, productivity and efficiency for free. These add-ons help users to block ads, keep a to-do list or check their spellings and more.
How the malicious add-ons get distributed
The official extension marketplaces that are available on major web browsers are usually the source of these unwanted add-ons. As per the report, in 2020, Google removed 106 browser extensions from its Chrome Web Store that were used to steal sensitive user data like — cookies and passwords. The report also mentions that these malicious extensions that were capable of taking screenshots of users’ private data were downloaded 32 million times. These harmful add-ons not only victimised individual users but also attacked several businesses.

Users attacked by malicious browser extensions
According to the Kaspersky report, 4.3 million unique users were attacked by adware hiding in browser extensions in the period between January 2020 to June 2022, which is nearly 70% of all users affected by malicious add-ons.
The report adds that throughout the first half of 2022 more than 1.3 million users tried to download unwanted extensions at least once, which was more than 70% of the number of users affected by the same threat throughout the entire last year.
As per the report, the most common threat in the first half of 2022 was the WebSearch family of adware extensions that can collect and analyse search queries and can promote affiliate links. These figures reflect how browser extensions are major adware delivery channels compared to any other delivery mechanism.
However, these are just the numbers from the users that use Kaspersky’s software. These numbers will increase when users protected by other security vendors are also considered.
Biggest threats of 2022
Amongst all the major malicious browser extensions WebSearch,’ was the biggest threat, Kaspersky confirms. The company has even detected related extensions that mimic productivity tools such as DOC to PDF converters and document merging utilities have already targetted 876,924 users in 2022. Moreover, WebSearch is also capable of changing the browser’s home page to generate funds from the extension through clicks on affiliated links on the search results.
The second most common threat that was hiding in the browser extension scripts was the ‘AddScript,’ which attacked more than 150,000 unique users. AddScript can run while hiding in the background and the extensions that carry it also offers the promised functionality of downloading videos from the web. This malware increases ad revenue by using JavaScript fetched after installation to run videos in the background and log “views” on YouTube channels. Moreover, AddScript injects affiliate cookies on the host to receive commissions for purchases made through the browser.
‘DealPly’ was the third most popular adware infecting user devices through malicious extensions which were responsible for over 90,000 infection attempts in the first half of the year. The report mentions that this adware starts with installing pirated software like KMS activators and game cheat engines downloaded from peer-to-peer networks and shady sites. Then, it automatically injects the browser extensions and adds new registry keys. These keys ensure that if users remove the extension, it is re-downloaded and installed on the browser when the program is relaunched.

How to stay safe
The report has also recommended some ways to keep browsers free of adware infections. Users should download extensions from the browser’s official web store. Before downloading them, users should also go through the user comments and reviews, along with running a background check on the developer/publisher.
It is better to review the privacy policy and data collection practices of the extensions that ask for crucial permissions to offer the promised functionality. Lastly, users should try using the least amount of extensions they need and must review the already installed add-ons at regular intervals. Users should also remove any add-ons that they think were installed without their consent.