Eliciting Current Activities of Malicious Browser Extensions
Threat actors have a knack for convincing users into downloading malicious software. To accomplish this, the crooks heavily rely on trusted entities and one of these is browser extensions.
The growing popularity of malicious extensions
Almost all popular web browsers offer extensions, including Chrome, Safari, Opera Firefox, Microsoft Edge, and Internet Explorer. With a large user base, it makes it quite easy for cybercriminals to publish malicious browser extensions that perform illicit activities, including spying and data theft, among others.
Trending activities of malicious extensions
- Lately, threat actors abused more than 20 browser extensions, including the popular ones such as Frigate Light, Figate CDN, and SaveForm, to secretly play videos in users’ browsers and inflate view counts.
- At least 28 malicious programs posing as third-party extensions for top social media sites infected millions of systems with an intent to redirect users to phishing sites, display advertisements, and steal data.
- Microsoft removed 18 browser extensions from the Edge Add-ons portal after threat actors were caught injecting ads into users’ web search result pages.
- Cryptocurrency exchanges were also not spared from malicious extension threats that caused the loss of users’ funds. CipherTrace found that the funds were stolen via a Chrome browser extension masquerading as popular Ethereum wallet MetaMask.
Additional threat adds more trouble
- Microsoft warned about a well-organized threat campaign where a particular strain of malware called Adrozek was distributed to modify browser settings and extensions.
- The malware was distributed through drive-by-download attacks. Once installed, it made a number of modifications to enable attackers to steal users’ credentials and do more.
As our reliance on browsers grows, so does the risk of cyber threats. Malicious extensions are the latest attempt by cybercriminals to hide code in add-ons for popular browsers. They have been downloaded to devices associated with healthcare, retail, oil and gas, government, financial, and other sectors. Given the potential threats of malicious extensions, it has become increasingly important to detect and deactivate them before they reach users’ browsers.