Millions of us are using malicious browser extensions without realizing

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

Malicious browser extensions are becoming so widespread that millions of users apparently have them installed.

A new report from Kaspersky analyzing telemetry data from its endpoint protection solution and found that in the last two and a half years (between January 2020 and June 2022), there had been more than 4.3 million unique users attacked by adware hiding in browser extensions. In other words, some 70% of all affected users encountered this type of threat.

Furthermore, it claims to have prevented more than six million users from downloading malware, adware, and riskware disguised as browser extensions, in that time period.

Adware and malware

These extensions target users with adware and other forms of malware on a daily basis, while they remain oblivious to the fact that they’re actually being attacked.

The most popular type of malicious browser extension is adware - unwanted software that promotes affiliates rather than improves the user experience. These extensions monitor user behavior through browser history, in order to redirect them to affiliate pages and thus earn commission for their makers. According to Kaspersky, WebSearch is the biggest in this category, detected by antivirus programs as not-a-virus:HEUR:AdWare.Script.WebSearch.gen, and downloaded almost 900,000 times. 

While this tool promises to improve the experience of office workers (by simplifying conversion between .doc and .pdf files, for example), it actually changes the browser’s start page, and uses the resources to earn extra money through affiliate links. 

The extension also changes the browser’s default search engine to myway, which captures user queries, collects, analyzes them, and then serves the victim affiliate links in search engine results pages.

The second most popular type is malware, usually built to steal login credentials and other sensitive information, such as payment data. 

The best way to protect your devices from malicious browser plugins is to make sure to always download them from trusted sources, and to check reviews and ratings.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.