Web Browser Extensions: Are They Safe Or Malicious?
Do you know that your web extensions may be tracking your every move? Worse, they may even be injecting fraudulent cookies into your browser.
Web browsers are an integral part of the web economy as they process almost every bit of information transferred back and forth between the user and the Internet. As of August 2022, Google Chrome accounted for about 65 percent of the global web browser market share, increasing over 15 percent in three years.
The tech giant has published various privacy policy guidelines over time. For example, Google requires every browser extension published in its Chrome Web Store to have a privacy policy, obtain the user's consent, and use only the minimum permissions needed for the extension’s purpose.
What are Extensions, and What do they do?
A browser extension is a plug-in that adds functionality to a web browser. Extensions can block ads on web pages, display coupons, enhance the shopping experience, check spelling, and much more. But for an extension to do its job, it will need permission to read and change the content of web pages you view in the browser.
Browser Extensions are used for a few different reasons:
- You can integrate with other services to make everyday tasks easier. For example, Evernote offers a browser extension that allows users to clip websites and save them.
- You can add features to your browser for a seamless experience. For example, JoinTabs is a Chrome extension that adds a button you can click to combine all your Chrome tabs into a single window.
- You can modify how websites appear, or save on online shopping with extensions offering coupons and discounts. For example, the Chrome extension InvisibleHand adds information to shopping websites, informing users if there’s a lower price available on a competitor's website.
Extensions are like any other piece of software and can do many other things. However, browsers place some limits on what they can do. If you want to integrate your browser with a service or get an additional feature, you can do it with a browser extension that already exists.
What are Malicious Browser Extensions?
Extensions require the ability to read and change all your data on all websites you visit. Looks like a big deal, right? However, even the most popular browsers draw little attention to it.
For example, one of the popular extensions on Chrome Browser, Google Translate, mentions that it collects information about users’ location, activity, and website content under the Privacy Practices section on the page. But when we do a fact check, the extension accesses data from all the websites the user visits.
Most of us won’t even read this message and automatically click Add extension to start using it right away. User ignorance creates an opportunity for cybercriminals to distribute adware and malware under the guise of what appear to be valuable extensions.
Adware-laden extensions gain the right to alter the displayed content, so they can show ads on the sites you visit. Most of their creators use a malicious browser extension as a cookie hijacking tool.
They may also analyze users’ search queries and other data for better-targeted ad content. Access to the content of all visited websites allows an attacker to steal users’ details, cookies, and other sensitive information.
The malicious affiliates or creators of such extensions inject their affiliate cookies into these ads, then earn commissions on user clicks and purchases through cookie hijacking.
If a user installs a compromised extension, they give attackers access to all the data in their browser. In 2018, four malicious extensions on Google Chrome were found to be secretly using the browser to click on pay-per-click ads. Recently, Mozilla removed 197 add-ons, many from the same company, that were either collecting user data without consent or running malicious ads on the user's system.
Extensions might start safe (built by a reputable publisher) only to slip into the threat actor’s hands if the extension gets sold.
This happened in 2017, when the “Particle” extension for YouTube was sold to a developer who updated it and then used it to inject ads into websites. Users of the extension swiftly noticed and reported the change, and it then emerged that two other extensions owned by the developer had also changed from valid to fraudulent after being sold.
The element that makes browser extensions so potentially dangerous is their permissions management. Most browser extensions have extensive access that is not disclosed to the users.
What Threats Do Malicious Extensions Pose?
Browser extensions have become one of the most popular mediums for affiliate marketing. There are several legitimate ways of promoting through extensions, but publishers often find illegitimate ways of earning more, and faster, through affiliate cookie stuffing.
Extensions get compromised after someone attempts to alter their code with the intention of phishing or hacking. The control and ownership of an established extension may be abandoned or sold to shady publishers. We list a few threats from such compromised extensions.
1. Extensions Can Control the Browser
Once installed, a browser extension can read and capture everything that you do in your browser. For instance, it can list the websites you visit, record the amount of time you spend on any website, capture data that you enter in forms, access cookies, and a lot more; literally every click, web page viewed, video played, and keystroke can be captured.
When an extension is installed, its developers ask for certain permissions. Many users are unaware of the true meaning and implications of these permissions: how they give access to their data and how that data may be used. Developers use a combination of these permissions to exploit users' machines and fetch data without the user's awareness. Using malicious browser extensions can also make you a victim of customer journey hijacking.
2. The Scary Permissions
On average, an extension requires seven different permissions to function in the desired manner. Google has enforced that developers need to obtain permission from the user before accessing any such information.
Again, most internet users are not aware of what data each permission pulls and what is passed on to other parties at the backend. As per our Browser Extension monitoring tool, around 70% of the extensions in the Chrome Web Store do not have any privacy policy, which means they do not justify the permissions and the reason behind accessing the user data. As such, they can do anything they want with all the data they are collecting, including selling that data or using it for other nefarious purposes, including affiliate fraud.
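A permission review of the kind described above can be automated. The following is an added example, not code from the original article: it reads the contents of an extension's manifest.json and flags all-site host access and API permissions that expose browsing data. The function name auditManifest and both sample manifests are constructed for illustration.

```javascript
// Host match patterns that cover every site the user visits.
const ALL_SITES = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// API permissions that expose browsing data (descriptions are this example's wording).
const SENSITIVE_APIS = new Map([
  ['cookies', 'read and write cookies for permitted hosts'],
  ['tabs', 'see the URL and title of open tabs'],
  ['history', 'read browsing history'],
  ['webRequest', 'observe network requests'],
  ['webNavigation', 'observe page navigations'],
  ['scripting', 'inject scripts into permitted pages'],
]);

function auditManifest(manifest) {
  // MV2 mixes host patterns into "permissions"; MV3 moves them to "host_permissions".
  // Optional entries are included because the extension can request them later.
  const declared = new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ]);
  // Content scripts get page access through "matches", without a permissions entry.
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);

  const findings = [];
  for (const p of declared) {
    if (ALL_SITES.has(p)) findings.push(`${p}: host access to all websites`);
    else if (SENSITIVE_APIS.has(p)) findings.push(`${p}: ${SENSITIVE_APIS.get(p)}`);
  }
  const hostAll = [...declared].some((p) => ALL_SITES.has(p));
  const scriptAll = scriptMatches.some((m) => ALL_SITES.has(m));
  if (scriptAll) findings.push('content_scripts: runs on all websites');
  return {
    readsAllSites: hostAll || scriptAll,
    cookiesOnAllSites: hostAll && declared.has('cookies'),
    findings,
  };
}

// Constructed sample manifests (not real extensions).
const couponHelper = {
  manifest_version: 3, name: 'Example Coupon Helper',
  permissions: ['storage', 'cookies', 'tabs'], host_permissions: ['<all_urls>'],
};
const siteNotes = {
  manifest_version: 3, name: 'Example Site Notes', permissions: ['storage'],
  content_scripts: [{ matches: ['https://notes.example.com/*'], js: ['notes.js'] }],
};
console.log(auditManifest(couponHelper), auditManifest(siteNotes));
```

An extension that reports cookiesOnAllSites has the combination the article associates with cookie hijacking, so it deserves a check against its stated purpose and privacy policy before installation.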
3. Popular Extensions are Replicated
Developers imitate popular extensions to acquire more users, get access to more of their data, and control what they see in their browsers. Unfortunately, these extensions often request more permissions than necessary, and the users end up leaking their data or becoming victims of fraud.
Web Browser Extensions - FAQs
1. How harmful can Browser extensions be?
Browser extensions are extremely helpful in enhancing the functionality of browsers. They are tools made specifically to improve user experience, like checking grammar, blocking ads, and much more. However, if you are not careful and give permission to an extension built with nefarious intent, you can end up with a breach of privacy and compromised data.
2. Can Chrome Extensions Hack?
Any Chrome extension developed for malicious practices can hack into your system and steal sensitive data. These extensions can track every one of your activities and can access your financial information as well.
3. Can you trust Browser Extensions?
Most browser extensions are highly safe and user-friendly. Yet, there is always a degree of risk involved when it comes to web browser extensions. Every extension needs your permission to work, so read the terms and conditions carefully.
How to Prevent Your Data From Getting Compromised?
A very popular extension on the Chrome Web Store, Adblock for YouTube, is imitated by multiple developers to divert real user traffic. These extensions provide a similar experience but, at the backend, request permissions to read the user’s personal data. The data gathered by the malicious extensions is sold in the market to research and marketing firms and used by competitors, resulting in financial fraud.
As scary as this sounds, it is a threat to the Brand's marketing efforts as it directly hits the brand's reputation, legitimate affiliate commissions, customer experience, and advertising budgets. Virus Positive Technologies Brand Protection Solutions help you protect your Brand online.