Malicious browser extensions often look harmless, and many are helpful tools that actually work as advertised. This makes it even more difficult to tell them apart from safe, legitimate extensions.
Still, they’re quite the opposite: They steal your data, track your every move, and can even slow down your computer to a crawl. Below, we’ll take a look at what makes these sneaky plugins so harmful and how to spot them before they crash your browser (or do something much worse).
Understanding Malicious Browser Extensions
When you install a malicious browser extension, you might not notice any issues immediately. These extensions often disguise themselves as legitimate tools, and hide their illicit activity in the background to avoid raising suspicion for as long as possible.
For example, the “Shitcoin Wallet” extension was marketed as a tool to help people manage their cryptocurrency. It was also secretly injecting JavaScript code on websites to steal login credentials and private keys from people’s cryptocurrency wallets and exchanges.
What Can Malicious Browser Extensions Do?
1. Steal Your Data
Malicious browser extensions can capture your sensitive data in two main ways – through passive phishing and active phishing.
- Passive phishing. When an extension monitors your web activity and operating system. Often, it will record your keystrokes with the aim to capture login details, credit card info, and other information about you.
- Active phishing. Some malicious extensions pose as trusted sources, such as banks, to directly ask you for information. They may claim they need your credit card or login details to fix an account issue, for example. These phishing attempts are convincing, often replicating legitimate websites and communications to trick you into providing personal information.
Your browser usually remembers sensitive information for you, such as usernames and passwords. This is really convenient, but it creates a vulnerability: if you download a malicious extension, it can potentially see all of your saved information. This exposes everything from your passwords to your credit card details.
2. Install Adware and Malware
Once you install the extension, it can download and execute adware and malware without your knowledge. This secondary malware can perform a variety of harmful actions in the background, such as encrypting your files for ransom, spying on your activity, or even taking control of your device.
3. Slow Down Your System
Malicious extensions often run a number of background processes, like recording and transmitting your data or using your system for crypto mining. Both consume valuable system resources, including your CPU and RAM. Overworking these can also generate excessive heat, which wears your hardware out faster.
How Do Malicious Extensions Make It Onto Your Browser?
Usually, you’ll need to download an extension for it to be activated on your browser. Malicious extensions typically come from two sources: a browser extension marketplace (even the official ones) or another harmful program you have installed that adds the extension to your browser. Even though most official browser marketplaces have strict publishing criteria, malicious add-ons often slip through as they contain hidden code that’s hard to detect.
This happened on the Chrome Web Store when an extension called “The Great Suspender” made it through to publishing. After thousands of people installed it, it was found to contain code that let third parties access people’s browsing history.
In a handful of cases, above-board extensions even get bought out by sketchy companies and turned malicious after updates. The handover usually occurs quietly, and the new company changes the code in the background. This turns previously useful add-ons into spyware tools without existing users knowing.
If you download apps from suspicious websites, you might also install a malicious extension without realizing it. These sites often bundle malware with the file you’re trying to download and automatically install the add-on when you open the file or run the program you downloaded.
You can also fall victim to a dangerous extension through a process called malvertising. The banners, sidebars, and pop-ups you see on some websites contain malware. When you click on these ads, whether intentionally or by accident, they may install a harmful extension without you even noticing.
How to Protect Yourself From Malicious Extensions
Identifying whether a browser extension is malicious can be challenging, but there are several steps you can take to reduce your chances of installing one and the risk they pose.
🔐 Install a VPN
VPNs, like CyberGhost VPN, encrypt your connection to protect all the information you exchange with websites. They also mask your IP address so nobody can track down your real-life location. Although this won’t totally protect you from malicious extensions, it may make some of the data they try to steal unusable.
CyberGhost VPN has a safe and tested browser extension for Chrome and browser add-on for Firefox, so you don’t even need to download the full VPN app to secure your browsing data. Our free browser extensions protect your privacy with our strong encryption and iron-clad no-logs policy. You also get to mask your IP address with one from the US, Netherlands, Romania, or Germany.
Need to protect more than just your browser traffic? You can upgrade to the full VPN anytime to secure all your data and access our VPN servers across 100+ countries.
👮 Use Security Software
Run regular scans with updated anti-malware software that has added browser security features. These tools can help detect and remove viruses that malicious extensions may have installed on your device.
🔍 Check the Source
Always download extensions from reputable marketplaces, such as the official Chrome Web Store, Mozilla Add-Ons for Firefox, or the Microsoft Edge Add-Ons page.
Even then, proceed with caution and check the publisher’s credibility. You should consider extensions from unknown developers or those with poor documentation suspicious, even if they’re published on your browser’s extension marketplace.
The Chrome Web Store and other marketplaces have a strict set of criteria developers must pass before an add-on is accepted, but there are always a few that slip through anyway. If they’re found to be malicious later, extension marketplaces will delete them from the shopfront. While that’s good for people who haven’t installed a malicious extension yet, this won’t automatically remove it from your browser. Because of this, you should routinely check up on the credibility of the extensions you use. It’s best practice to remove any you haven’t used in a while, even if they don’t seem suspicious.
❓ Examine the Permission Requests
When you install an extension, it will ask for permissions to access certain data or system processes. Be wary of extensions that request access to all your data, your tabs and browsing activity, or the ability to manage your downloads. If an extension asks for more permissions than it logically needs to function, it may be malicious.
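One way to apply this check to extensions that are already installed, as an added example that is not part of the original article: it reads each extension's manifest.json and flags the permission categories named above. The mapping of Chrome permission names to those categories, the function names, and the sample manifests are this example's assumptions.

```python
import json
from pathlib import Path

# Chrome permission names grouped under the categories named above (this example's own grouping).
RISKY_PERMISSIONS = {
    "tabs": "tabs and browsing activity",
    "history": "tabs and browsing activity",
    "webNavigation": "tabs and browsing activity",
    "downloads": "manage your downloads",
}
# Host match patterns that cover every website.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json."""
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])
    # Content scripts reach pages through their own "matches" patterns.
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    findings = set()
    for perm in requested:
        if not isinstance(perm, str):
            continue  # skip legacy object-style entries
        if perm in BROAD_HOSTS:
            findings.add(f"all your data on every website ({perm})")
        elif perm in RISKY_PERMISSIONS:
            findings.add(f"{RISKY_PERMISSIONS[perm]} ({perm})")
    return sorted(findings)

def audit_extensions_dir(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = audit_manifest(manifest)
        if findings:
            # Fall back to the extension id (folder name) when no name is set.
            report[manifest.get("name", path.parts[-3])] = findings
    return report

# Constructed sample manifests (not real extensions).
COUPON_FINDER = {"name": "Coupon Finder", "manifest_version": 3,
                 "permissions": ["tabs", "downloads", "storage"],
                 "host_permissions": ["<all_urls>"]}
DARK_MODE = {"name": "Dark Mode", "manifest_version": 3,
             "permissions": ["activeTab", "storage"]}
```

Pass the Extensions folder of your browser profile to `audit_extensions_dir`; its location differs by browser and operating system. A finding is a prompt to ask whether the extension needs that access to do its job, not proof that it is malicious.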
📈 Monitor Browser and System Performance
A sudden system slowdown, unexpected crashes, or an increase in pop-up ads might indicate that one of your extensions is performing unwanted tasks in the background. Also, watch for changes in your browser settings, like new default search engines or homepages. These could be caused by a malicious extension.
🚧 Research the Developer
A legitimate developer will usually have a well-designed website, a history of developing reputable extensions, and transparent contact information. If you can’t find much information about the developer or their other products, take it as a cautionary sign.
⭐ Read Reviews and Ratings
A large number of negative reviews about unusual behavior is a red flag (such as increased ads, slower browser performance, or privacy concerns). Be aware that some malicious extensions might have fake reviews, so don’t rely solely on this step.
Marketplaces usually take some time to remove malicious apps after people report them. This delay means that reviews are sometimes one of the only ways to determine if an app is generally trustworthy. Some extensions remain available for a significant time after users report suspicious behavior.
🖥️ Check for Updates and Support
A lack of updates and developer support can make extensions vulnerable, or indicate that they’re malicious already. Regular updates mean the developers are actively improving the security and functionality of the extension.
There are some legitimate reasons an extension may not provide reliable customer support. For example, free add-ons from smaller developers don’t tend to have the resources to run a 24/7 live chat. However, malicious extensions almost never have support channels, as their developers won’t waste resources on that when their goal is to harvest user data, not offer a service.
How to Get Rid of Malicious Browser Extensions
- Temporarily disable your extensions. Go to your browser settings, click Extensions and toggle each program off. This will prevent any malicious add-ons from harvesting your data or controlling your search engine results during this process.
- Look for any extensions you don’t remember installing and delete them. From the Extensions page, click Remove on any add-ons you want to delete.
- Inspect your other extensions. Going down the list, search for any reviews or news items that indicate the extension is not trustworthy. Delete any that have a bad reputation or that you can’t verify the safety of.
- Use your antivirus to run a comprehensive scan. It may detect and eliminate any residual files or hidden malware.
- Clear your browser data. Include the cache, cookies, and history to remove any traces of the extension. This option is found under privacy or history settings in most browsers.
- Keep your browser updated. This way, you benefit from the latest security patches.
That’s it. Stay vigilant, regularly review your extensions, and maintain good cybersecurity practices to keep your browsing experience safe and secure.
Can a VPN Protect You Against a Malicious Browser Extension?
VPNs can’t remove malicious extensions from your browser or prevent them from working, but they do provide some valuable layers of defense. For the best protection, switch on CyberGhost VPN before you open your browser. Here’s how it can help:
- Content blocking. CyberGhost VPN blocks ads and suspicious links that originate from malicious extensions.
- Hiding your location. VPNs mask your IP address to protect your location from being tracked by malicious extensions. Even if an extension tries to redirect you to a harmful site, your real location remains hidden.
- Encrypting your data. Trustworthy VPNs create a secure, encrypted connection for your device. This protects your data from being intercepted by third parties, like the criminals who run malicious extensions. However, it can’t prevent extensions from harvesting data directly from your browser or device.
FAQ
Start by identifying any suspicious or unfamiliar extensions in your browser. Remove these and run a comprehensive security scan with your antivirus. Then, clear your browser data, including cache, cookies, and history, to eliminate any traces left by the malicious extension.
To prevent re-infection, use a VPN extension, like CyberGhost VPN. It encrypts your data and comes with a built-in ad-blocker that blocks malicious ads and sites harmful extensions may redirect you to.
A malicious extension is a harmful add-on that can steal your personal information, install malware, and influence the way your browser behaves. These add-ons usually mimic legitimate, useful extensions, but in the background, they run processes that record your data or inject malware into your system.
You might download one accidentally from unofficial sources or bundled with other software, creating significant risks to your security and privacy. You can download the CyberGhost VPN Chrome extension from the official Chrome Web Store to encrypt your browser traffic and help protect your data from malicious cybercriminals.
Generally, yes. There are many legitimate Chrome extensions. However, sometimes even legitimate-looking add-ons aren’t safe to use (even if they’re on the official Chrome Web Store). You need to remain vigilant when downloading extensions. Follow our guide above to learn how you can lessen your risk when installing extensions on Chrome.