Malware as Browser Plugins

March 20, 2018

Watch out for browser extensions this time

Previously we have mostly talked about mobile apps, chiefly on Android, in which malware is hidden inside legitimate-looking apps in order to deploy scripts that steal as much data as possible, either to extort money in combination with phishing strategies or to send the data straight back to the attacker.

This time we want to raise awareness of browser extensions for Chrome, Firefox and other browsers. Although each browser has its own store for downloading extensions, those stores are, surprisingly, still not free of malware. In Chrome there has been a great reduction in malicious extensions thanks to the Chrome Web Store; Chrome claims a 70 percent decrease in installs of such malicious extensions over the past two and a half years.

Due to the nature of how programming works, malicious extensions will likely continue to find their way into browser extension stores. Users won't have to worry, because the teams behind the extension stores, Chrome's especially, are working hard to keep them free of malware and scams. That effort has limitations, however: the browser itself is an application trusted by operating systems and anti-malware software, so when users give an extension permission to do whatever it wants, it will most likely have the same permissions on the system as the browser, which lets it run stealthily on the device.

As more systems and services move into the browser, a harmful browser extension can potentially reach more important data and gain more network access.


Malicious extensions can be distributed through phishing strategies, such as using a legitimate company's name and logo, or through compromised sites. Attackers also have more sophisticated ways of sneaking their extensions into browser stores or, worse, of getting an extension installed without the user's awareness by piggybacking on another extension. An extension that appears harmless at installation can also be modified remotely by the attacker afterwards to add malicious functions, which makes it harder for the security teams behind browser web stores to detect.


As in phishing attacks, attackers can impersonate the browser extensions of legitimate companies, such as Adblock Plus, a fake copy of which Google removed last October.


Users should carefully examine the source of a browser extension and whether they really need to download and install it. Browser extensions should be strictly monitored on users' devices, especially for those who use web-based systems for work and business.
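One way to do that monitoring on a managed device, as an added example that is not part of the original article: the script below walks Chrome's on-disk extension folder (`<profile>/Extensions/<id>/<version>/manifest.json`) and reports every extension that is not on an approved list or that requests broad permissions. The allowlist, the set of permissions treated as risky, and the two sample extensions are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumption: permissions this audit treats as high-risk; tune to local policy.
RISKY = {"webRequest", "cookies", "tabs", "history", "nativeMessaging"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(ext_id, manifest, allowlist):
    """Return findings for one parsed manifest.json (empty list = clean)."""
    findings = [] if ext_id in allowlist else ["not on allowlist"]
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", []))  # Manifest V3 key
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    if perms & RISKY:
        findings.append("risky permissions: " + ", ".join(sorted(perms & RISKY)))
    if (perms | hosts) & BROAD_HOSTS:
        findings.append("can read and change data on all sites")
    return findings

def audit_profile(extensions_dir, allowlist):
    """Walk the Chrome layout Extensions/<id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["unreadable manifest"]
            continue
        findings = audit_manifest(ext_id, manifest, allowlist)
        if findings:
            report[ext_id] = findings
    return report

def demo():
    """Audit two constructed extensions (IDs and manifests are made up)."""
    samples = {
        "a" * 32: {"name": "Approved Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Lookalike Ad Blocker", "permissions": ["cookies", "tabs"],
                   "host_permissions": ["<all_urls>"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            folder = Path(root, ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(root, allowlist={"a" * 32})
```

A manifest check like this only sees what an extension declares at the time of the scan, so it should be rerun on a schedule and its results compared, since an extension can gain malicious functions after installation.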

As previously mentioned, attackers can imitate a company's intellectual property and damage the image that comes with it. Victims of such browser hijackers won't care who was really responsible: a bad impression can stick in a victim's mind and leave the implication that the legitimate company is behind the malicious activity. It would be best for companies to monitor the different browser web stores for extensions that use their name or a modified version of their logo to trick and scam people into installing them.
