Google, Mozilla Crack Down on Malicious Extensions and Add-ons
Browser security takes a hit as Google and Mozilla discontinue a large number of browser extensions and add-ons due to malicious activity.
Google suspends Chrome extensions
The Google security team has temporarily disallowed the publishing or updating of paid extensions that use the Chrome Web Store payments. This is due to an influx of fraudulent transactions performed via the said extensions.
The suspension affects extensions that require a fee before installation, are accessed via monthly subscriptions, or have options for one-time in-app purchases for access to other features. Developers receive the message “Spam and Placement in the Store” when trying to publish or update an extension, indicating that the request has been rejected.
Existing paid extensions are still available in the official Chrome Web Store, but their developers won’t be able to update them yet. The ban will go for an indefinite period as Google continues to seek long-term solutions to strengthen security against related threats.
Mozilla bans nearly 200 add-ons
Mozilla banned 197 suspicious Firefox add-ons that executed malicious code, ran codes from a remote server, stole user data, collected user search terms, and obfuscated source code, all of which are violations against Mozilla’s rules.
The add-ons have been removed from the official Mozilla add-on portal (AMO) and disabled in the browsers of users who had installed them before the ban.
Among those banned were 129 add-ons from a business-to-business (B2B) software provider. Several add-ons for online courses and fake premium products as well as a document-to-PDF converter and fake video downloader were also discontinued.
The add-on developers can appeal the ban as long as they are cleared of malicious behavior. Developers of one of the add-ons successfully appealed their case, as they clarified the misunderstanding that they harvested and submitted user credentials from social media websites to another website.
Cybercriminals conceal malware in extensions
A piece of malware can go unnoticed in browser extensions as it can be concealed in many ways. One of the most used methods is obfuscation, or deliberately creating code in a way that is difficult for humans to understand. Although some obfuscate code to protect intellectual property and secure against unauthorized entry, the same method is used by many cybercriminals to bury the malware deep within the codes of the browser extension.
On the other hand, some cybercriminals disguise nefarious intent by naming their extension almost similarly to reputable extensions. These copycats even go as far as mimicking the behavior of the extension they are named after (at least for the first few days). Since these extensions share similarities with the legitimate ones, unwitting users install the malicious ones, and it may take some time before they notice something wrong.
Malicious extensions commonly have useful functions on the outside while hiding malware inside. Some don’t even bother with this mask and are outright malicious. For example, the Trend Micro Cyber Safety Solutions Team found a malicious extension it named FacexWorm, which targeted cryptocurrency trading websites and used social engineering to propagate through a chat application.
Strengthening browser security
Plenty of browser extensions and add-ons offer a host of benefits, making the daily lives of users easier and the operations of businesses smoother. However, they may also serve as gateways for threats, as they may be used to steal personal information or inject malware.
Even the most vigilant users may let their guard down when installing browser extensions since these extensions come from the official browser stores and are assumed secure. The recent bans by Google and Mozilla highlights the need for strong browser security. Combined, the two companies’ browsers account for 78% of the desktop browser market, which means a great number of people can be affected in case a malware breaks loose through their browsers. The moves from the two companies serve to protect the users of their browsers, especially given the necessity to comply with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR).
Users are also encouraged to do their part in securing their systems. It pays to be extra careful when installing extensions or add-ons and to regularly check for ones that may have been installed illicitly.
For stronger security, users can arm themselves with an extra layer of protection, such as the Trend Micro™ Browser Guard, which is available for free. Trend Micro Browser Guard protects against zero-day exploits and malicious scripts that may come from harmful extensions. It also communicates and readily integrates with the Trend Micro Smart Protection Network™ infrastructure.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.