Browser extensions are nifty little programs that can be implemented into your web browser itself, adding onto its capabilities and utility… at least, that’s the concept. Unfortunately, these programs also give cybercriminals a means of secretly launching an attack. The security firm Avast recently identified 28 such third-party extensions that have been installed—according to the download numbers, at least—by about three million people on Google Chrome and Microsoft Edge combined.
These attacks work similarly to how a phishing attack or a spoofed email would, as a user is promised one thing but winds up receiving something very different. While a malicious application may perform the task it claims to, it also may redirect the user to a phishing website or ad (making the cybercriminal some money) or simply steal some of the user’s information, like their birthday or email address.
In the case of these extensions, the code needed for several different malicious operations was present, including:
Avast’s researchers believe that only the first code was actively utilized, generating ill-gotten revenue for the creators of these extensions. Regardless, these extensions should be removed from any systems on your business’ network that they may be installed on.
The impacted extensions are as follows:
Again, we encourage you to check your company’s network to ensure that these extensions are not installed in any of your users’ browsers, and that you encourage your employees to do the same.
Not sure how to go about doing so? TaylorWorks can help. As a managed service provider, our services include remotely monitoring your business’ technology and network for threats while keeping abreast of this kind of news so that we can proactively resolve any issues that may influence your operations.
Find out more today by reaching out to us at 407-478-6600.
Comments