For this purpose, we analyzed threat statistics from Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users, for the period between January 2020 and June 2022. In this research, we observed various types of threats that mimic useful web browser extensions, and the number of users attacked by them. In that way, over 30,000 users got adware after an installed extension, dubbed Particle, was sold to new developers and later modified to inject ads into websites. After fraudsters purchase the extension, they can update it with malicious or unwanted features, and that update will be pushed to users. Sometimes developers sell a browser extension after it has gained a huge following. For instance, when an account of the developer of a popular add-on was hijacked after a phishing attack, millions of users received adware on their devices without their knowledge. The problem is that sometimes that data is not anonymized enough, so even non-malicious extensions can harm users by exposing their data to someone who is not supposed to see what websites they visit and what they do there.Ī regular spell checker asks permission to “read and change all your data on all websites,” which could potentially pose a riskĪdditionally, extension developers are also able to push out updates without requiring any action by the end user, which means that even a legit extension could be later turned into malware or unwanted software. To earn more money, some developers may pass it on to third parties or sell it to advertisers. The danger arises from the fact that many extensions, after gaining access to “read all the data on all websites,” collect massive amounts of data from web pages users visit. For example, basic extensions often require permission to “read and change all your data on the websites you visit.” They may really need it to function properly, but this permission potentially gives them large power.Įven if extensions have no malicious functionalities, they can still be dangerous. Often the wording provided by browsers is so vague that it is impossible to tell exactly how secure an extension is. However, analyzing extension permissions may not always help. For example, if a regular browser calculator requires access to your geolocation or browsing history, or wants to take screenshots of pages, it’s better not to download it at all. If you see that an add-on is asking for far more permissions than it theoretically needs, that’s a serious cause for concern. Sometimes the user can assess the risks by looking at what permissions an extension requests when installed from the store. Google deleted it from the Chrome Web Store, but the malware had already infected more than 400 Chrome users, putting their data at huge risk. Another malicious Google Chrome extension that was available for download even in the official store could recognize and steal payment card details entered in web forms. Overall, more than 100 networks were abused, giving threat actors a foothold on financial service firms, oil and gas companies, the healthcare and pharmaceutical industries, government and other organizations. Victims of these attacks were not only individuals, but also businesses. All of them were used to siphon off sensitive user data, such as cookies and passwords, and even take screenshots in total, these malicious extensions were downloaded 32 million times. In 2020, Google removed 106 browser extensions from its Chrome Web Store. Malicious and unwanted add-ons are often distributed through official marketplaces. Some of them may even impersonate a popular legitimate extension, their developers going so far as to stuff keywords so that their extension appears near the top of the browser’s extension store. Malicious and unwanted add-ons promote themselves as useful, and often do have legitimate functions implemented along with illegitimate ones. For example, children can add virtual pets to their browser, while adults usually prefer productivity trackers and timersįirst of all, not every innocent-looking extension is, in fact, innocent. However, extensions are not always as secure as you might think - even innocent-looking adds-on can be a real risk.īrowser add-ons are in demand among people of different ages. Chrome, Safari, Mozilla - these and many other major Web browsers - have their own online stores to distribute thousands of extensions, and the most popular plug-ins there reach over 10 million users. Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular.
0 Comments
Leave a Reply. |