Beware of Malicious Browser Extensions

August 28, 2024

By Genady Vishnevetsky

Recently, a widespread campaign has targeted users of Chrome and Edge browsers with malicious extensions that are difficult to remove. These extensions can hijack your searches and steal private data. Read on to learn how it works.

Attackers create fake websites that look like legitimate sites offering popular software such as VLC or KeePass. If you download software from these counterfeit sites, you'll end up with a malicious installer instead of the genuine software. Once the malicious installer is executed, it sets up a hidden task on your computer. This task is meant to run in the background without your knowledge. It then proceeds to download and run a PowerShell script. PowerShell is a scripting language built into the operating system and used to automate tasks on Windows.

The PowerShell script installs harmful browser extensions, which are made to be hidden from your browser's extension management page, making them hard to find and delete. These extensions can hijack your default search engine settings so that your searches are redirected to the attacker's portal, potentially exposing your sensitive information.

Takeaways

  • Always download software from the official website or trusted sources. Avoid downloading software from unfamiliar or suspicious websites.
  • Regular updates can help protect against known vulnerabilities. Make sure your browser is set to update automatically.
  • Install and regularly update a reputable antivirus program. It can help detect and remove threats before they cause harm.
  • Only install browser extensions from approved stores and trusted developers. Review your installed extensions regularly and remove any that you don't recognize or no longer use.
  • Modern browsers come with built-in security features, such as safe browsing and download protection. These features can help protect you from malicious websites and downloads. To enhance your online security, ensure that these features are enabled in your browser settings.
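
Because the extensions described above are hidden from the browser's extension management page, a regular review has to look outside the browser. The PowerShell below is an added example, not part of the original article: it assumes default Chrome and Edge install locations for the current Windows user, and that an extension shows up either in a profile's Extensions folder or in the browser's force-install policy key (the article does not say which mechanism this campaign uses).

```powershell
# Added example: inventory Chrome/Edge extensions without using the browser UI.
# Assumption: default per-user data folders and standard policy registry keys.
$browsers = @(
    @{ Name = 'Chrome'; Data = "$env:LOCALAPPDATA\Google\Chrome\User Data"
       Policy = 'SOFTWARE\Policies\Google\Chrome' },
    @{ Name = 'Edge'; Data = "$env:LOCALAPPDATA\Microsoft\Edge\User Data"
       Policy = 'SOFTWARE\Policies\Microsoft\Edge' }
)

$report = foreach ($b in $browsers) {
    # 1. Extensions unpacked on disk: <profile>\Extensions\<id>\<version>\manifest.json
    $pattern = Join-Path $b.Data '*\Extensions\*\*\manifest.json'
    foreach ($file in (Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue)) {
        $parts = $file.FullName.Split('\')
        try   { $m = Get-Content -Raw -LiteralPath $file.FullName -ErrorAction Stop | ConvertFrom-Json }
        catch { $m = [pscustomobject]@{ name = '<manifest not parseable>'; permissions = @() } }
        [pscustomobject]@{
            Browser     = $b.Name
            Source      = "disk, profile '$($parts[-5])'"
            Id          = $parts[-3]
            Version     = $parts[-2]
            Name        = $m.name   # may be a localization key such as __MSG_appName__
            Permissions = @($m.permissions | Where-Object { $_ -is [string] }) -join ', '
        }
    }

    # 2. Extensions force-installed through browser policy (machine or user hive)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Get-Item -Path "$hive\$($b.Policy)\ExtensionInstallForcelist" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($valueName in $key.GetValueNames()) {
            [pscustomobject]@{
                Browser     = $b.Name
                Source      = "policy, $hive"
                Id          = ([string]$key.GetValue($valueName)).Split(';')[0]  # "<id>;<update URL>"
                Version     = ''
                Name        = '(force-installed by policy)'
                Permissions = ''
            }
        }
    }
}

$report | Sort-Object Browser, Id | Format-Table -AutoSize -Wrap
```

Compare the output with what the browser's extensions page shows. An ID that appears on disk or in policy but not on that page, or a force-install entry on a machine that no organization manages, deserves a closer look.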


Genady Vishnevetsky is chief info security officer for Stewart Title Guaranty Co. and chair of ALTA’s Information Security Work Group.

