Since 2020, around 7 million users have been targeted in an attempt to install malicious browser extensions. Further, 70% of those extensions were used to hide adware to target users with malicious ads.

Malicious extensions reaching millions

  • Telemetry data gathered by Kaspersky has revealed details that report over 1,300,000 attempts by users to install malicious extensions in H1 2022, an increased number in comparison to last year.
  • From January 2020 to June 2022, the security firm observed that adware extensions targeted 4.3 million users, of which 70% were malicious extensions in that specific period.

Furthermore, the security firm stopped around 6,057,308 users from downloading adware, riskware, and malware, which were masked as browser extensions in the same period.

Most prominent adware

  • Starting with WebSearch, the firm spotted related extensions targeting 876,924 users in 2022, mimicking productivity tools such as DOC to PDF converters and document merging apps.
  • Another malicious browser extension is FB Stealer, which is one of the most dangerous families. This adware is offered as a substitute for search engines and to steal credentials from Facebook.
  • AddScript adware extension was used in attacks aimed at 156,698 unique users. This particular adware was found hiding in web browser extension scripts.
  • The other popular adware family found on users' machines using malicious extensions was related to DealPly. The adware is behind the 97,525 infection attempts made in the first half of the year.

Reports revealed that the Websearch extension is no longer available in the Chrome Web Store.

Staying safe

The security firm has provided multiple recommendations; only using trusted sources to download software, and carefully examining add-on requests of extensions before agreeing Further, use a limited number of extensions and periodically review them and use a reliable security solution.
Cyware Publisher