Browser extensions are lightweight programs that improve the functionality of a web browser by modifying it, or adding new features.
Extensions can perform a wide range of functions, from saving passwords, to translating web pages and capturing screenshots. But they can also pose a real threat to your security, even if you don’t know it. Here are five hidden dangers of using browser extensions.
1. Data Collection
It’s hardly a secret that most apps and software products we use collect our data. But there’s a huge difference between what can be described as acceptable data gathering, and the collection of personal information that the user did not explicitly agree to sharing. But that is exactly what can happen if you download the wrong extension.
Chrome, Firefox, Opera, and other browsers have seemingly strict policies when it comes to which extensions and add-ons are allowed in their stores, but malicious ones still slip through the cracks. For example, in August 2022, McAfee discovered five popular Chrome extensions tracking users’ browsing activity. The extensions, which were downloaded by 1.4 million people, also collected users’ personal information (e.g. name, location).
Demonstrating that this was not an isolated case is a 2022 study from Incogni, which found that 14 percent of extensions in the Chrome Web Store collect Personally Identifiable Information (PII), while 13 percent gather website content data. The study also showed nearly nine percent of Chrome extensions track user activity, while almost seven percent collect location data.
2. Phishing
Phishing is a type of cyberattack in which the threat actor tries to scam their target into revealing sensitive personal information (like your passwords and credit card numbers). These attacks are typically launched through email and scam websites, but they can also be carried out via browser extensions.
One tactic used by threat actors revolves around creating an extension that actually offers a useful feature of some kind, but has malicious code embedded in it. This code then records keystrokes, so capturing information such as banking credentials, and stealing the victims’ money.
Another thing cybercriminals do is create an extension that is almost an exact copy of an already popular one. An extension like this usually has a very similar description, color scheme, and logo to the original, but contains code that either redirects users to a phishing page, or captures their data directly.
3. Adware
The term adware is used to describe software that displays unwanted advertisements. Not all adware is dangerous, but even adware that poses no real threat in terms of cybersecurity can be intrusive and annoying. These ads are typically displayed in web browsers, sometimes via extensions.
How does that happen? Cybercriminals can create an adware-based extension from scratch; launch an extension that actually does what it’s supposed to, but also serves ads. Alternatively, the developers of an already popular extension can inject adware into their existing software. The latter is exactly what happened in 2019 with a popular YouTube extension.
As Kaspersky reported at the time, the extension Automatic 4K/HD for YouTube at one point began abusing its user base, serving all kinds of ads, including annoying pop-ups. The extension was removed from the Chrome Web Store shortly afterward, but it’s safe to assume dozens of similar products are popping up daily.
4. Browser Hijacking
Browser hijacking is a cyberattack in which the target’s web browser is modified in some way. The attacker might change their victim’s homepage or default search engine, redirect them to a certain website, install programs without permission, and so on. And yes, extensions and add-ons can also be used to hijack a browser.
Here’s one example. In July 2023, PC Risk discovered an extension that hijacked unsuspecting users’ browsers. Named simply App, the extension was spotted on a deceptive website. It modified the “Managed by your organization” feature in Chrome, redirecting victims to different search engines, which displayed strange results with links to shady websites.
It’s more than likely that in this case the threat actor deceptively sent users to their own websites, or websites affiliated with their organization, and in doing so generated clicks and ad revenue.
5. Crypto Mining
Crypto mining is a popular method for generating digital currency that revolves around solving cryptographic equations. Generating crypto like this requires a lot of processing power and strong hardware, so the costs can be astronomical. This is why threat actors have developed coin miners, or malicious programs that utilize the victim’s computing resources without their consent.
Crypto-mining malware is often distributed through illegal torrent downloads and shady websites, but it can also be found in browser extensions. When a person adds an extension with a miner to their browser, the malware infiltrates their system, and begins using their computer to mine crypto.
For example, Symantec researchers discovered in 2019 two Chrome extensions that did just that. One of them masqueraded as an MP3 downloader, but actually acted as a miner. The other one was a version of the popular strategy game, 2048. Before being removed from the Chrome Web Store, these extensions had around 6,000 downloads combined, which suggests whoever developed them made a significant amount of money in crypto.
How to Protect Yourself From Malicious Browser Extensions
When it comes to cybersecurity, universal solutions are rare, since the threat landscape is very diverse and changes constantly. But you should be able to stay safe from malicious browser extensions if you remember the following:
- Only download extensions from official marketplaces.
- Conduct basic research about an extension before adding it to your browser.
- Read user reviews and look for any red flags.
- Check the permissions an extension requests before installing it.
- Remove any extensions that you no longer need (having too many slows down your browser anyway).
- Install reliable antivirus software and stay away from shady websites.
- Review your browser’s settings from time to time.
- Keep your browser up to date.
Extensions Are Great, but Caution Is Necessary
There isn’t a browser that wouldn’t benefit from an extension. And whatever your needs are as a user, there’s probably an add-on out there that would make your life easier.
But you should not throw caution out the window. Instead, treat browser extensions like you would treat any other software product, and make sure you take the necessary steps to stay safe and preserve your privacy.