Just like you should with the apps on your phone, you also want to periodically go through your browser extensions and check to see which ones you have installed and what permissions you’ve given them access to. The reason for this is that you could have a malicious extension (or even several) installed in your web browser and not even know it.
As reported by Notebookcheck, a number of popular extensions that enable things like dark mode and adblocking in Google’s browser have been hijacked by hackers, putting 3.2 million Chrome users at risk.
Although a malicious extension might not sound as dangerous as a malicious app on your phone, we store all sorts of personal and sensitive data in our browsers. From our browsing history and cookies to passwords and even payment information, all of this data can be stolen and used against us by hackers in their attacks.
Here’s everything you need to know about this latest batch of malicious extensions along with some tips and tricks on how you can protect your devices and your data.
Delete these extensions right now
As is often the case with campaigns like this one, all of the malicious extensions in question are utilities designed to improve your browsing experience. From add-ons for YouTube to emoji keyboards and adblockers, each one of these extensions likely seemed useful enough that the Chrome users who installed them didn’t think twice before doing so.
One thing that did stand out to the security researchers at GitLab Threat Intelligence that discovered these malicious extensions though is the permissions they requested access to. For instance, all of these extensions use permissions that allow them to interact with any website a user visits but they also let them inject and execute code on web pages.
While all of the extensions listed below have since been removed from the Chrome Web Store, you will still need to manually delete them if they’re currently installed in your browser:
- Blipshot (one click full page screenshots)
- Emojis - Emoji Keyboard
- WAToolkit
- Color Changer for YouTube
- Video Effects for YouTube and Audio Enhancer
- Themes for Chrome and YouTube™ Picture in Picture
- Mike Adblock für Chrome | Chrome-Werbeblocker
- Page Refresh
- Wistia Video Downloader
- Super Dark Mode
- Emoji Keyboard Emojis for Chrome
- Adblocker for Chrome - NoAds
- Adblock for You
- Adblock for Chrome
- Nimble Capture
- KProxy
From legitimate to malicious with an update
Normally with malicious extensions or apps, they’re made from the ground up with the sole purpose of stealing data and their advertised functionality is an afterthought or just tacked on so that they can be listed in an official store. With the extensions above though, this wasn’t the case at all.
Instead, these were actual, legitimate extensions that went bad as a result of having malicious updates injected into them. The way in which the hackers gained control over these extensions is also a bit different.
While some of their developers fell victim to phishing attacks which led to their extensions being outright hijacked, others willingly transferred control of their extensions over to the hackers behind this campaign.
So what was the purpose behind gaining control of these extensions in the first place? Well, some were used to inject harmful scripts into the browsers of unsuspecting users, others stole their data and some engaged in search engine fraud to drive clicks (and ad revenue) to hacker-controlled sites.
If you have any of these extensions installed in Chrome, you should remove them immediately and use one of the best antivirus software solutions to scan your computer for signs of malware or other viruses.
How to stay safe from malicious browser extensions
In a similar way to how plug-ins can enhance your favorite software, browser extensions can make using the web more more convenient while also giving you the ability to customize certain aspects of your favorite sites.
The problem though is that few browser extensions aren’t as big or as popular as the apps on your smartphone. In fact, many extensions are made by solo developers or smaller companies which can make it more difficult to tell whether or not they are legitimate. This is why you want to carefully examine all of the permissions an extension requests access to before installing it and especially before granting access to them.
Unnecessary permissions can be found in loads of extensions and apps which is why you need to ask yourself if this particular extension or software really needs access to them in the first place. The permissions an extension requests can also serve as a major red flag and help you decide whether or not it’s malicious.
Reading reviews and looking at ratings can help weed out the bad ones but you also want to take both of these with a grain of salt since they can be faked. It may be difficult to find but it’s always a good idea to look for an external review — or better yet a video review — on an extension you want to install first before you add it to your browser.
As I covered in the campaign described above, even good extensions can go bad which is why you should periodically audit which extensions you have installed in your browser. If you haven’t used a particular extension in some time, it’s better to remove it from your browser than to keep it installed. Likewise, by limiting the number of extensions you have installed, you can lower your chances of having a malicious one in your browser significantly.
Whether its extensions or apps, hackers and other cybercriminals aren’t going to stop spreading malicious software anytime soon. This is why it’s up to you to practice good cyber hygiene, limit how many you have installed and think carefully when granting a particular extension or app access to the permissions it requests upon installation.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
