Info Stealing Extensions

Next story

Browser extensions. Most people use them, they can make browsing the web even easier, enhance specific sites or turn ads into cat gifs. They can also, according to a recent report, steal your login details.

Often when you’re installing free software there’ll be a tick box complete with multiple double negatives trying to convince you that you need a new toolbar in your browser.

According to UC Santa Barbara computer scientist Alexandros Kapravelos many of these extensions, and others, have hidden extras that cause trouble.

The report resulted in Google removing almost 200 bad extensions, although Kapravelos admits that “It is a very hard problem to deal with.”


Understanding its function


Part of the problem is having “a complete understanding of what the extension is doing, sometimes it is not clear if that behaviour is malicious or not,” as Kapravelos highlights.

Mark James, ESET security specialist, explains that one of the fundamental problems with extensions involves permissions and updating.

“Often extensions are given permissions and access rights that they are free to use as they please.

“The original extension may be quite harmless but it is possible when updating them to introduce malicious actions that do not require new permissions if already granted.”

It’s a relatively simple bait and switch, similar to the way that some app based malware operates on Android.

Swedish security firm ScrapeSentry looked at one extension in particular, Webpage Screenshot, which had been downloaded roughly 1.2m times.


Webpage Screenshot


Mark explains the extensions in question and what it was doing.

“The application itself is designed to enable you to take screenshots and store them in the cloud, the downside is this type of technology can be easily misused.

“It appears that’s exactly what’s happening here. The chrome extension contains malicious code that has the ability to send all your browsing data to a single server in the USA, any information including page titles could be sent off without your knowledge.

“They do state that they will use anonymous usage statistics and there is a tick box to disable it, but it is very hard to find and it appears that even if you choose to untick the box that information is sent anyway.

“It also appears they have couplings with other known vendors that utilise pop-up cash back advertisements and a well-known browser search toolbar.”


How do I defend myself?


Mark explains that we need to view extensions like any other piece of free software or app and always remember that your data is precious.

“Extensions can enhance our browsing experience but like a lot of free software we need to evaluate it and what it offers vs. the risks of “free”.

Have a read of the reviews, do a few searches on the extension itself to better understand what it does.

“Remember even if it looks safe if you give it permissions to do something it may update itself at a later date to do something malicious and STILL have that authorisation, review them often to see if you really need them and if not remove them.”

Join the ESET UK LinkedIn Group and stay up to date with the blog.

How many extensions do you have installed?