Malicious Browser Extensions
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show.
“From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons,” the company said.
As many as 1,311,557 users fall under this category in the first half of 2022, per Kaspersky’s telemetry data. In comparison, the number of such users peaked in 2020 at 3,660,236, followed by 1,823,263 unique users in 2021.
New HTTP Request Smuggling Attacks Target Web Browsers
The most prevalent threat is a family of adware called WebSearch, which masquerade as PDF viewers and other utilities, and comes with capabilities to collect and analyze search queries and redirect users to affiliate links.
WebSearch is also notable for modifying the browser’s start page, which contains a search engine and a number of links to third-party sources like AliExpress that, when clicked by the victim, help the extension developers earn money through affiliate links.
“Also, the extension modifies the browser’s default search engine to search.myway[.]com, which can capture user queries, collect and analyze them,” Kaspersky noted. “Depending on what the user searched for, most relevant partner sites will be actively promoted in the search results.”
A second set of extensions involve a threat named AddScript that conceals its malicious functionality under the guise of video downloaders. While the add-ons do offer the advertised features, they are also designed to contact a remote server to retrieve and execute a piece of arbitrary JavaScript code.
Malicious Browser Extensions
