
How 4.3M Users Got Hacked By Browser Extensions

Jan 20, 2026 | browser extensions, check permissions, Hackers, malicious code, official sources, review, ShadyPanda, spyware

Over the last seven years, a malware campaign has turned browser extensions people trusted into powerful spyware, with up to 4.3 million users affected.

Most of us install extensions in good faith that they’re going to help us. Perhaps they’re a simple productivity tool, a tab organizer, or an ad-blocker. Unfortunately, they don’t always help us, even when they claim they will. A recent investigation by cybersecurity researchers has uncovered a sleeper threat which demonstrates exactly this. Popular extensions, which once worked as they claimed, have been repurposed to become malware which spies on users and steals data.

Some of these extensions have been active since 2018 and many have gained thousands, and even millions, of users. Accordingly, it’s crucial that you understand the threat posed by malicious extensions, so Ophtek is here to tell you everything you need to know.

How Simple Tools Became Backdoors for Hackers

The operation, traced to a group called ShadyPanda, followed a patient, long-term strategy to cause maximum chaos. Over several years, the group built trust and gained countless users and, once those users suspected nothing, unleashed its malicious payload. When first released, the extensions were legitimate and posed no threat. However, once they had been installed and trusted by numerous users, something changed: these ‘innocent’ extensions were updated with malicious code which gave ShadyPanda remote access and the ability to spy.

Here’s how the extensions were quietly changed to become powerful hacking tools:

  1. Some of the extensions were updated to include a backdoor which enabled remote code execution. This allowed the hackers to execute whatever commands they wanted from within the user’s browser.
  2. Once activated, the malicious extensions set about monitoring and recording everything. Every website visited, every search query, and every browsing fingerprint was stealthily harvested and transmitted to remote servers controlled by the attackers.
  3. Certain extensions did more than just spy on users; they also injected malicious content into any webpages visited, even pages secured with HTTPS, which gave the attackers a way to manipulate sites you trusted.

It’s an innovative and deceitful attack. The extensions were genuinely safe when first released, plus they were relatively simple and didn’t draw too much attention. However, as they were updated over the years, they were repurposed for their true objective: to hack.

Keeping Your Browser Extensions Safe

Browser extensions can be incredibly useful, but, as ShadyPanda has proven, they can also be used to hide dangerous malware which steals your data. To stay safe, follow these three essential practices:

  1. Always Check Permissions: Before you install an extension, make sure you look at what it requests access to. Avoid extensions which ask for permissions to view all your browsing data, unless this is absolutely necessary for the extension to function.
  2. Stick to Official Sources: Only download extensions from official browser stores and developers who are well-reviewed and have an established reputation. Avoid third-party websites or vague links as these can often host malicious versions.
  3. Regularly Review Your Extensions: Make a point of regularly auditing the browser extensions installed on your PC. If you no longer use an extension, or don’t recognize it, then uninstall it to help secure your PC.
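
The permission check and the regular review described above can be scripted. The following is an added example, not code from the original article or from the researchers: it assumes the Chromium on-disk layout of `Extensions/<id>/<version>/manifest.json`, the extension names and IDs are constructed, and the list of sensitive permissions is an illustrative heuristic rather than an official classification.

```python
import json, tempfile
from pathlib import Path

# Host patterns that let an extension read or modify every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose browsing activity or allow page modification (heuristic list).
SENSITIVE_APIS = {"tabs", "history", "webRequest", "webNavigation", "cookies", "scripting", "debugger"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return the reasons a manifest deserves a closer look (empty list = none)."""
    declared = set()
    for key in ("permissions", "host_permissions", "optional_permissions", "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [f"broad host access: {p}" for p in sorted(declared & BROAD_HOSTS)]
    findings += [f"sensitive API: {p}" for p in sorted(declared & SENSITIVE_APIS)]
    for script in manifest.get("content_scripts", []):
        for pattern in sorted(set(script.get("matches", [])) & BROAD_HOSTS):
            findings.append(f"content script injected on: {pattern}")
    return findings

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Map 'name (id version)' -> findings for every installed extension."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[f"{ext_id} (unreadable manifest)"] = ["could not parse manifest.json"]
            continue
        label = f"{manifest.get('name', '?')} ({ext_id} {manifest.get('version', '?')})"
        report[label] = audit_manifest(manifest)
    return report

def demo() -> dict[str, list[str]]:
    """Build a constructed two-extension profile in a temp dir and audit it."""
    samples = {  # constructed sample manifests, not real extensions
        "aaaa/1.0_0": {"name": "Tab Tidy", "version": "1.0", "permissions": ["storage"]},
        "bbbb/2.3_0": {"name": "Wallpaper Helper", "version": "2.3", "permissions": ["tabs", "history"],
                       "host_permissions": ["<all_urls>"],
                       "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, manifest in samples.items():
            target = Path(tmp, rel)
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(Path(tmp))

if __name__ == "__main__":
    for ext, findings in demo().items():
        print(ext, "->", findings or "no broad permissions")
```

Because the extensions in this campaign were safe when installed and only became malicious through later updates, rerun the audit periodically and compare the results rather than checking permissions once at install time.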

For more ways to secure and optimize your business technology, contact your local IT professionals.