According to Google, the use of extensions in its Chrome browser has never been so high. It is one of the most popular browsers, and as such there are undoubtedly hundreds – if not thousands – of these extensions nowadays, all promising to improve our online surfing and make it all the more pleasant, providing the latest weather information, the ability to fool your GPS receiver and whatnot. But that immense popularity has its negative effects, too, since it makes Chrome all the more appealing to hackers and wrongdoers, who might create toxic extensions that, once installed, can steal your private data. This is precisely what the security firm Icebrg looked into for their latest research, discovering that four of these malware apps were downloaded half a million times.
The biggest problem with malicious Chrome extensions is the fact that they’re very easy to install. The browser itself is a trusted program, and therefore whitelisted in most antivirus software. This allows extensions to slip underneath that layer of protection, which is typically the only form of security in place, too.
Worse still, these browser add-ons are perfectly disguised as normal applets, which is in line with the common practice for Android apps on the Google Store, for instance. And just as Google has declared open war on these in the past, it now claims that its web store is 70% cleaner of toxic extensions when compared to recent years. Still, in the words of Icebrg’s CEO, there has been “an increase in criminal use of extensions”, and their study thoroughly demonstrates that.
Researchers ‘decomposed’ these apps to find that they were redirecting users to ad-filled websites, as part of a phishing fraud scheme, which is a similar practice to the one that was revealed by Malwarebytes – another online security company – in early 2018.
In this case, the compromised applets were not only installed through brute force; worse, they were able to avoid deletion by closing “pages with extensions/add-ons info” or redirecting users away from them to other general pages. They targeted both Chrome and Firefox users, were disguised as extensions for weather in Colombia and were downloaded thousands of times.
In addition, nowadays the creators of these apps can easily modify their behavior after they’re installed, remotely adding code for snooping within the codebase of functioning apps, making them all the harder to detect. This gives them access to personal user data, which in turn can later be sold at online black markets. Another technique commonly used by wrongdoers to fool unsuspecting users is to disguise these malware extensions as others that are supposed to do the exact opposite, such as securing your connection through a VPN or even storing your passwords.
Previous cases are good examples of this, with Google removing malware extensions that mimicked AdBlock Plus, while others disguised as Adobe installers and other well-known and established programs brutally attacked users’ private data, even financial info.
Trusted Apps and Browser Extensions
Our advice to opt only for trusted apps on Android or iOS mobile devices applies in exactly the same way in this case. As mentioned, even extensions that seem legitimate can hide malware among their many lines of complicated code, making them hard to detect and even remove.
If you’re looking for a trustworthy VPN, password manager or any other service that also provides its own browser extensions, the best approach is to spend some time doing research instead of blindly installing the first option you come across. Likewise, even when user reviews are positive, it’s always advisable to visit review websites like our own or those of security firms to find out if there are any strong arguments against a particular extension.