Hundreds and even thousands of popular browser extensions are available that support a variety of useful functions, from ad blocking and cookie management to text translation, grammar correction, and password management. Most users are accustomed to using these extensions for a wide range of both personal and work-related activities. But sometimes browser extensions do more than they claim to do.
Unfortunately, the browser extension platform can be a “Trojan Horse” used to conduct attacks such as phishing, spying, DDoS, email spamming, affiliate fraud, mal-advertising, payment fraud, and more.
For example, researchers at security firm Avast recently identified 28 malicious third-party browser extensions that are used with Google Chrome and Microsoft Edge – for Instagram, Facebook, Vimeo and others. These extensions spread additional malware, steal information, and manipulate the victim’s search results – and they already have been downloaded about 3 million times.
There are several ways “healthy” browser extensions can turn into malicious extensions. Sometimes the extensions are hijacked by malicious actors, and the next time they are automatically updated they are quietly turned into malware. Alternatively, the browser extension can be developed from the get-go by people with malicious intent.
Some malicious browser extensions track browsing histories, obtain access to a victim’s camera and photos, collect personal information like credentials, or get into the victim’s email or other sensitive data. Others may contain malicious code that allows the download of additional malware to the victim’s device.
Some manipulate the links that victims click on, leading them to phishing sites and ads. (Phishing has been one of the top methods of attack throughout the COVID-19 pandemic.) Specifically, victims are redirected to a hijacked URL before being sent back to the website they intended to visit.
Protecting organizations from malicious browser extensions is a key IT management process that can be approached from several different angles.
The first step in the process involves conducting an audit – identifying which extensions each employee uses. You can use an extension report API to export extension data and map out all extensions used in the company. For example, Google provides Chrome Browser Cloud Management for this purpose.
The second step involves limiting which extensions are used across the organization. You can decide to block browser extensions or force an uninstall. Identifying which extensions to remove can be done in a variety of ways, for example:
(You can read more in this guide by Google or watch this webinar).
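The audit and blocking steps above can be tied together with a short script. The following is an added example, not code from the original article, from Google, or from CyberProof. It assumes you have already exported an extension inventory (the list-of-records format below, with extension id, name, user count and requested permissions, is an assumption about how you would shape that export); the extension ids, names and user counts are constructed sample data. The permission names are real Chrome extension permissions, and the output uses Chrome's ExtensionSettings enterprise policy, whose "removed" installation mode force-uninstalls an extension on managed browsers.

```python
"""Triage a browser-extension inventory and emit a Chrome ExtensionSettings policy.

Added example (not the article's or Google's code). The inventory format is an
assumption: one record per extension with its id, name, user count and the
permissions it requests. All ids, names and counts below are constructed.
"""
import json

# Permissions that warrant review because they let an extension read or alter
# traffic, cookies, history or page content on every site the user visits.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "cookies", "history", "tabs", "debugger", "proxy", "nativeMessaging",
    "clipboardRead", "management", "scripting",
}

# Constructed inventory; the 32-character ids are placeholders, not real extensions.
SAMPLE_INVENTORY = [
    {"id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "name": "Ad Blocker Sample",
     "users": 120, "permissions": ["<all_urls>", "webRequest", "webRequestBlocking"]},
    {"id": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "name": "Coupon Finder Sample",
     "users": 3, "permissions": ["<all_urls>", "cookies", "tabs", "history"]},
    {"id": "cccccccccccccccccccccccccccccccc", "name": "Dark Theme Sample",
     "users": 40, "permissions": ["storage"]},
]

# Extensions the organisation has reviewed and explicitly approved (constructed).
APPROVED_IDS = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}


def risky_permissions(permissions):
    """Return the sorted subset of an extension's permissions that are high risk."""
    return sorted(set(permissions) & HIGH_RISK_PERMISSIONS)


def triage(inventory, approved_ids):
    """Decide an action per extension.

    approved  -> "allowed"  (pinned as allowed in policy)
    unapproved with high-risk permissions -> "removed" (force-uninstalled)
    unapproved and low risk -> "default" (left to the policy default, pending review)
    """
    findings = []
    for ext in inventory:
        risky = risky_permissions(ext["permissions"])
        if ext["id"] in approved_ids:
            action = "allowed"
        elif risky:
            action = "removed"
        else:
            action = "default"
        findings.append({"id": ext["id"], "name": ext["name"],
                         "users": ext["users"], "risky": risky, "action": action})
    return findings


def build_extension_settings(findings, default_mode="allowed"):
    """Build a Chrome ExtensionSettings policy from the triage result.

    Set default_mode="blocked" to turn this into an allowlist where only the
    approved extensions can be installed at all.
    """
    settings = {"*": {"installation_mode": default_mode}}
    for f in findings:
        if f["action"] == "allowed":
            settings[f["id"]] = {"installation_mode": "allowed"}
        elif f["action"] == "removed":
            settings[f["id"]] = {
                "installation_mode": "removed",
                "blocked_install_message": "Removed by IT: unapproved extension "
                                           "with high-risk permissions.",
            }
    return {"ExtensionSettings": settings}


if __name__ == "__main__":
    result = triage(SAMPLE_INVENTORY, APPROVED_IDS)
    for f in result:
        print(f"{f['action']:8} {f['name']:22} users={f['users']:<4} risky={f['risky']}")
    print(json.dumps(build_extension_settings(result), indent=2))
```

The printed JSON is the shape you would hand to your management tooling (Windows registry policy, macOS profile or Chrome Browser Cloud Management); the point of the script is that the decision rule (approved, risky, or pending review) is recorded in code and can be re-run every time a fresh inventory is exported.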
Finally, the most significant of the “Best Practices” involves raising awareness by training your employees.
While it’s hard to eliminate the risk of malicious browser extensions completely, here are four ways that employees in your organization can be trained to adapt their use of browser extensions and help you reduce the risk:
Particularly with many employees working from home, training and awareness are key to allowing an organization to stay safe.
Want to learn more about how to protect your organization from cyber threats? Contact CyberProof today!