Millions under threat from malicious browser extensions — what to do

A computer showing the Chrome Web Store
(Image credit: Tom's Guide)

Extensions can add all sorts of new functionality to your favorite web browser, but they can also contain hidden threats with more than 1.3 million users affected in the first half of 2022 alone.

According to a new press release from the cybersecurity firm Kaspersky, malicious browser extensions pose a serious risk to users as they can insert ads, collect browsing data and even steal the login credentials to your Facebook and other social media accounts.

Of the threats found in malicious browser extensions, adware is the most prominent as well as the most annoying. Browser extensions designed to spread adware can embed banners in web pages or redirect users to affiliate pages that their developers can earn money from. In fact, from January 2020 to June 2022, Kaspersky discovered that more than 4.3 million users had adware hiding in their browser extensions.

Impersonating legitimate browser extensions

Back in 2020, Google removed hundreds of malicious browser extensions from the Chrome Web Store that were designed to steal user data including cookies and passwords and even take screenshots. These malicious extensions were downloaded 32 million times which means the data of millions of users could still be at risk.

While malicious extensions sometimes find their way onto official stores, the main way they are distributed is through third-party resources. For instance, FB Stealer, one of the threats analyzed by Kaspersky’s researchers, was spread primarily through untrustworthy websites.

FB Stealer is particularly concerning as in addition to replacing your preferred search engine, it can also steal your credentials. Your username and password are then used to hack your Facebook account. This malicious extension is also hard to detect as once installed, it impersonates Google’s own Google Translate extension  

Anton Ivanov, senior security researcher at Kaspersky, provided further insight on whether or not you should avoid using browser extensions altogether, saying “Even browser extensions that do not carry a malicious payload can be dangerous.

"For example, when the developers of these add-ons sell gathered user data to other companies, potentially exposing their data to someone who was not supposed to see it," Ivanov continued. "Users may wonder whether it is worth downloading browser extensions at all when they can carry so many threats. I am an active user of browser extensions myself and believe that add-ons improve the online experience. Some extensions can even make devices a lot safer, for example, password managers. It is much more important to keep an eye on how reputable and trustworthy the developer is and what permissions the extension asks for. If you follow the recommendations for safe use of browser extensions, the risks of encountering any threats will be minimal.”

How to protect yourself from browser extension threats

Laptop showing security lock on screen

(Image credit: Shutterstock)

In order to protect yourself and your data from browser extension threats, Kaspersky first recommends that you only use trusted sources to download software. Malware and other unwanted applications are often distributed through third-party resources as they don’t have the same security checks in place that official web stores do.

If you do download a new browser extension, you should carefully examine any add-on requests before agreeing to them. This is especially true if these requests are outside of the scope of the browser extension. 

At the same time, it’s also worth limiting the number of extensions you use and periodically reviewing which extensions you have installed in your browser.

Finally, you should have one of the best antivirus software solutions installed on all of your devices as they can flag malicious extensions and warn you that they should be removed.

Next: You can look at our guide on how to install Safari extensions on Mac.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.