Kaspersky Lab analysts released a report showing that almost 7 million users encountered malicious and unwanted browser extensions from January 2020 to June 2022.
The researchers note that malicious extensions are not always easy to detect. For example, sometimes the wording in their description is so vague that it is impossible to judge safety from them. For example, base extensions often require that they be granted the right to “view and change your data across all sites”. Perhaps this is really necessary for their stable operation, but potentially it gives them almost unlimited rights. Even if such an extension does not contain malicious code, it is still potentially dangerous.
Moreover, after obtaining the right to “read all data on all sites”, extensions begin to collect huge amounts of information from all pages that the user visits. To make more money, some developers share this data with third parties or sell it to advertising agencies. The problem is that sometimes the data is not anonymized enough.
In addition, sometimes extension authors perform automatic updates without waiting for the user’s consent: as a result, even initially legitimate extensions can turn into unwanted or malicious software.
The company’s report states that in the first half of this year alone, 1,311,557 users attempted to download malicious or unwanted extensions at least once. This figure is more than 70% of the number of users affected by this threat in the past year, and there is still six months to go.
Expert statistics also show that from January 2020 to June 2022, more than 4.3 million unique users downloaded adware under the guise of browser extensions. This is approximately 70% of all users who have downloaded malicious or unwanted add-ons, and one million of them occur in the first half of 2022.
Also in the first floor In 2022, the most common advertising programs were members of the WebSearch family, which collected and analyzed search queries and redirected users to referral sites.
At the same time, as can be seen in the graph below, in general, the number of downloads of malicious and unwanted extensions is gradually decreasing.
The second most popular threat was the malware itself. Having penetrated the user’s device, such extensions can cause various harm. So, some collect credentials and other confidential information. Not only do they intercept cookies and clipboard data, but they also intercept keystrokes.
From January 2020 to June 2022, more than 2.6 million unique users downloaded malware disguised as a browser extension. This is 44% of the total number of users who were attacked by malware or unwanted software during this period.