
How to spot a malicious browser extension

Introduction

Let’s not kid ourselves — the experience of surfing the web wouldn’t be the same without extensions. Browser extensions make it possible to block advertisements, change the appearance of web pages and more. 

Although rising demand has pushed extension marketplaces to step up their due diligence, they remain largely unregulated territory. The truth is that it’s easy for cybercriminals to publish malicious browser extensions that perform illicit activities, including spying, data theft and more.

Almost all popular web browsers offer extensions, including Chrome, Safari, Opera, Firefox, Microsoft Edge and Internet Explorer. This means that a lot of people end up using them. The large user base makes it attractive for bad actors to package malware inside the extensions.

Another appeal of extensions for attackers is that it’s difficult for antivirus software to spot the malware. Generally, extensions aren’t treated as applications, so they often fly under a security program’s radar. Plus, the fact that marketplace authorities don’t properly vet most extensions makes these modules a convenient vehicle for carrying malware.

With that in mind, let’s look at a recent case of malicious browser extensions and what you can do to detect them (before it’s too late).

Malicious Chrome extensions received over 30 million downloads

During a three-month study, researchers from Awake Security discovered 111 malicious browser extensions available to download for Google Chrome. Seventy-nine of these extensions were present on the Chrome Web Store. While most of them appeared to function normally, they were actually offering support to a massive global surveillance campaign by spying on and stealing data from users across various industry verticals. 

The researchers also revealed that the extensions were downloaded almost 33 million times by Google Chrome users, with a few extensions receiving over ten million installs. Spoofed to look legitimate, the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/WuEEIymK2f0/