Use of Malicious Browser Extensions Becoming More Commonplace

It is going back a long ways but there are some who have been in and around the digital space long enough to be able to tell you of a time when browser extensions weren’t even anything to discuss, and that’s simply because they didn’t exist. Why didn’t they exist the way they do today? Well, the simple answer is that web browsers didn’t need to have modifications made to the flows of information back then, and that’s because the information was more standardized in the way it was presented. The fact that the information available via the web is accommodated much more thoroughly now is a good thing, and browser extensions are a large part of why that’s the way it is.

Some may not have the web world wherewithal to know what a browser extension is in the first place, and if so that’s perfectly alright. They are small software modules installed to customize your browser’s appearance or function, and they can serve any number of purposes from enabling email encryption, ad-blocking, one-click password storage, spell checking, dark mode, calendar add-ons, and more. Browser extension are also fairly essential for online shopping, something pretty much everyone does these days at least to some extent.

All is well to a point, but where that point ends is when browser extensions become harmful rather than beneficial. And that’s the reality nowadays, and it is something that is of interest to us here at 4GoodHosting in the same way it would be for any quality Canadian web hosting provider. That’s because it’s very much in line with who we are and what we do – namely hosting websites and ones that may have browser extension compatibility formatted into them for any number of perfectly good reasons.

What makes all of this blog worthy today is that it seems that malicious browser extensions are becoming more common, and it’s more common for developers to be using them. Let’s look at why that is this week.

With 3rd Party Developers

The reason that bad-actor browser extensions are so common is that while there are many of them, only some of them are made by the developers of the primary browsers themselves. Most extensions are made by 3rd-party developers, and as you’d guess many are of no renown whatsoever and as such can make and distribute whatever they please without needing to account for the offering. In fact, malicious browser extensions are becoming so widespread that millions of users have them installed and many may not even be aware of having done so.

A report that analyzes telemetry data from an endpoint protection solution and found that in the last 2.5 years (January 2020 – June 2022), more than 4.3 million unique users attacked by adware hiding in browser extensions were recorded. That works out to some 70% of all affected users encountering a threat of this type, and if that type of widespread occurrence is transposed on a larger scale for everyone who is using the internet for a specific task then it makes clear the large extent of the problem.

The same report further suggests that implemented preventative measures put in place over recent years are responsible for more than 6 million users avoiding downloading malware, adware, and riskware that had been disguised as harmless browser extensions.

Adware and Malware

These extensions serve to target users with adware and other forms of malware and do so repeatedly, and again most people equipped with them have no idea what’s going on. The most common type of malicious browser extension is adware, which is unwanted software used to push affiliates rather than improving user experience in any way. They function by monitoring user behavior through browser history before redirecting them to affiliate pages and providing a commission for the extension’s makers.

The biggest culprit? WebSearch, detected by antivirus(opens in new tab) programs as not-a-virus:HEUR:AdWare.Script.WebSearch.gen. It has been inadvertently downloaded nearly a staggering 900,000 times.

This extension is promoted on the basis of the way the tool is designed to improved the working experience for those who need to do tasks like converting between .doc and .pdf files, but what it does in reality is change the browser’s start page and redirecting resources to earn extra money through affiliate links. It also changes the browser’s default search engine to myway for capturing user queries and then collecting and analyzing them, so that certain affiliate links are then served to the carrier in search engine results pages.

Malware is a huge problem too that can result from people carrying malicious browser extensions, and the worst ones being geared to steal login credentials and other sensitive information like payment data. To protect your devices from malicious browser plugins you should ensure that you are always downloading them from a source that is proven trustworthy, and checking reviews and ratings is recommended and a good way to do that.

Post Navigation