Muscat – Kaspersky researchers have analysed the risks innocent-looking browser extensions pose to users and the activities of cybercriminals hiding threats under add-ons.

In the first half of 2022, more than 4,000 users were affected by threats, hiding in browser extensions, at least once, which is over 19 per cent of the number of users affected by the same threat throughout the whole of 2021 – with still another half of the year to go.

Mimicking popular apps, such as Google Translator or extensions with useful functionality like PDF Converter or Video Downloader, threats in browser extensions can insert advertisements, collect data about users’ browsing histories and even search for login credentials, making it one of the most desirable tools for cybercriminals.

Since the beginning of 2020, Kaspersky products have prevented approximately 6mn users from downloading threats disguised as browser extensions. The most prominent threat spread under the guise of browser extensions has been adware – unwanted software designed to throw advertisements up on the screen. Such advertisements are usually based on the browsing history to catch users’ interest, embed banners in web pages or to redirect them to affiliate pages that the developers can earn money from, instead of legitimate search engine ads.

From January 2020 to June 2022, Kaspersky experts observed more than 11,000 unique users faced adware hiding in browser extensions, which means approximately 84 per cent of all affected users have encountered this threat.

“Even browser extensions that do not carry a malicious payload can be dangerous – for example, when the developers of these add-ons sell gathered user data to other companies, potentially exposing their data to someone who was not supposed to see it. Users may wonder whether it is worth downloading browser extensions at all when they can carry so many threats. I am an active user of browser extensions myself and believe that add-ons improve the online experience.

“Some extensions can even make devices a lot safer, for example, password managers. It is much more important to keep an eye on how reputable and trustworthy the developer is and what permissions the extension asks for. If you follow the recommendations for safe use of browser extensions, the risks of encountering any threats will be minimal,” said Anton V Ivanov, senior security researcher.

For protection from threats hiding in browser extensions, the use of trusted sources to download software is recommended. Malware and unwanted applications are often distributed through third-party resources where no one will check their security in the same way as official web stores do.

These applications may install malicious or unwanted browser extensions without the user knowing about it and can perform other malicious activities. Extensions add extra functionality to browsers and require access to various resources and permissions, for which a careful examination of requests is needed.