Brother
The LayerX analysis reveals risks and provides solutions for safe web surfing.
The LayerX report provides an in-depth understanding of the threat landscape of malicious browser extensions. The report draws attention to how malicious extensions can compromise users' security and privacy, and suggests comprehensive measures to reduce risks.
3 types of malicious extensions
Malicious extensions can be divided into three main groups:
- Initially malicious extensions. They are deliberately created by hackers and can either be uploaded to online stores or placed in the cybercriminal's infrastructure.
- Compromised extensions. Initially legitimate extensions that are either purchased directly by attackers or compromised and used for malicious actions.
- Risky extensions. Legitimate extensions that, although not originally created with malicious intent, have excessive permissions that can pose a security risk.
Methods for installing malicious extensions
- Installation by the administrator. Extensions are distributed by network administrators within the organization. They are often installed with official approval for use on the corporate network. It is important to evaluate whether these extensions are really necessary for operation and what the risks of using them may be.
- Normal installation. Users download extensions themselves from official extension stores. This approach allows users to choose which extensions to install, which provides flexibility, but raises security concerns about the potential risks associated with employees' choices. Evaluating the popularity and security of extensions among employees is vital to maintaining security.
- Installation by developers. Extensions are loaded directly from employees' local computers. These extensions often bypass the normal security verification procedures that your organization has in place. It is important to control which extensions employees can download and use.
- Installation by sideloading. This method involves installing extensions by third-party applications, such as Adobe or other software vendors. This is the riskiest method, as it can be used by malicious users to install malicious extensions without the user's knowledge. You should carefully evaluate how these apps interact with browsers and what access rights they grant extensions.
According to LayerX, 81% of extensions are installed by users from official browser stores.
Indicators of potentially malicious extensions
- Address and email address. The lack of developer contact information in the Chrome Web Store may indicate a lack of developer responsibility. It is very important to know who is behind the extension.
- Date of last update. Infrequent updates may indicate potential security risks and compatibility issues.
- Privacy policy. The absence of a privacy policy may indicate problems with the processing of user data and confidentiality.
- Rating. User ratings can give you an idea of the quality and reliability of the extension. User comments and feedback can identify potential issues related to the extension, including reports of suspicious or malicious activity.
- Number of reviews. More reviews usually means a larger user base and less risk of problems or security threats.
- Support service. The presence of a support service increases the likelihood of quick response to user problems and questions.
- Number of users. Extensions with a large number of users are usually considered more secure.
- Official website. The presence of an official website may provide additional information and resources, but the absence of a website may indicate a lack of transparency.
- Availability in unofficial stores. Extensions that are only available outside of the official browser stores may pose a risk.
- Unusual installation methods. Extensions that are installed in non-standard ways, such as through sideloading or developer mode, should be considered with caution.
Methods for mitigating threats
The LayerX report offers the following methods for mitigating threats related to malicious browser extensions:
- Checking and evaluating extensions. Organizations should carefully review each extension before installing it, evaluating its need, functionality, and security.
- Training and awareness of employees. It is important to train employees in an informed approach to installing extensions, including the ability to recognize potentially dangerous features and understand the risks associated with their use.
- Restriction of access rights. Limiting the rights granted to extensions to the minimum required level can significantly reduce the potential damage caused by malicious actions.
- Regularly update extensions. Ensuring that all installed extensions are updated to the latest versions is important to prevent exploitation of known vulnerabilities.
- Use of security tools. Using solutions to detect and prevent malicious activity, including antivirus programs and intrusion detection systems, can help identify and block malicious extensions.
- Extension usage policy. The development and implementation of a corporate policy regarding the use of extensions helps in creating clear rules and restrictions for employees.
- Monitoring and auditing. Regular auditing and monitoring of installed extensions for suspicious activity or changes helps you identify and prevent threats in a timely manner.
- Collaboration with extension developers. Working with developers to improve the security of extensions can be an effective way to reduce risks.
The report itself contains additional information that any security or IT specialist should definitely read. This includes dangerous browser extension permissions that you should pay attention to, the attack vector of browser extensions, mitigation methods, and much more.
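As an illustration of the "restriction of access rights" and "monitoring and auditing" points above, here is a small audit of extension manifests. It is an added example, not code from the LayerX report or from this post. The watch list of sensitive permissions is a reviewer-chosen assumption, as is the heuristic that a manifest with no update_url was loaded unpacked or sideloaded rather than installed from the Chrome Web Store.

```python
import json

# Reviewer-chosen watch list (an assumption; tune it to your own policy).
SENSITIVE_APIS = {"cookies", "webRequest", "history", "tabs", "debugger",
                  "nativeMessaging", "scripting", "proxy", "management",
                  "clipboardRead"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def audit_manifest(manifest):
    """Return the list of findings for one parsed manifest.json."""
    findings = []
    declared = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts grant page access too, so include their match patterns.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))

    for api in sorted(declared & SENSITIVE_APIS):
        findings.append(f"sensitive-api:{api}")
    if declared & BROAD_HOSTS:
        findings.append("broad-host-access")

    # Heuristic (assumption): store-installed packages carry the store update URL.
    update_url = manifest.get("update_url")
    if update_url is None:
        findings.append("no-update-url")
    elif update_url != WEB_STORE_UPDATE_URL:
        findings.append("non-store-update-url")
    return findings


def audit_all(manifests_json):
    """Audit {extension_id: manifest} and list the riskiest extensions first."""
    report = {ext_id: audit_manifest(m)
              for ext_id, m in json.loads(manifests_json).items()}
    return sorted(report.items(), key=lambda kv: (-len(kv[1]), kv[0]))


# Constructed sample input: two made-up extensions keyed by placeholder IDs.
SAMPLE = json.dumps({
    "ext-notes": {"name": "Notes", "manifest_version": 3,
                  "permissions": ["storage"],
                  "update_url": WEB_STORE_UPDATE_URL},
    "ext-helper": {"name": "Helper", "manifest_version": 3,
                   "permissions": ["cookies", "tabs"],
                   "host_permissions": ["<all_urls>"]},
})
```

To run it on real data, build the input JSON from the manifest.json files in each browser profile's extensions directory and review the flagged entries against your extension usage policy.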