Malicious Chrome Extensions

Hello Readers! I hope you all are doing great.

In this blog we'll talk about harmful extensions in Google Chrome, but first, for those readers who aren't aware of what extensions are, let's talk about extensions.

What are Chrome Extensions?

Google Chrome was the most used web browser in 2020, because of its many user-friendly features. Chrome is a lightning-fast web browser that loads and shows pages in a flash. Google Chrome has a very basic, straightforward interface that makes it simple to use. Apart from these characteristics, one of Chrome's most alluring aspect is its extensions. Google Chrome extensions are essentially programs that may be installed in Chrome to change the functionality of the browser. Extensions make browsing more convenient for users. On Chrome's Web Store, we can quickly locate a variety of extensions. The most often used extensions are those for preventing pop-up adverts, creating to-do lists, taking notes, and so on.

These extensions, as we can see, have a broad range of functions and can help us enhance our productivity. While the vast majority of extensions are beneficial, a few are detrimental. There are extensions that may spam your webpages with unwelcome advertisements, and other extensions have been found spying on their users.


Malicious Extensions

Malicious Chrome extensions can be built from the ground up with malicious code or “updated” with malicious code after they reach a certain level of popularity. Google deleted over 500 fraudulent extensions from the Chrome Web Store in February 2020, injecting advertisements into millions of Chrome browser sessions. Users of the Google Chrome browser downloaded 111 rogue extensions, which propagated hazardous spyware, according to security researchers.


A Chrome extension that was used by almost 2 million people was recently removed by google after complaints that it had been hacked and was installing possibly dangerous malware and monitoring software on users' computers.

Although these extensions enable us to be more productive, the fact that some of them may pose a security risk to our system should not be overlooked. So, what are our options? Because numerous extensions have been identified performing strange things, just because they are on the Chrome Store doesn't imply, they are safe to install and use. So, first and foremost, we should never install an extension without first checking its reviews; this is the very least we should do.

The image above shows a chrome extension called "Downloader for Instagram." Everything appears to be normal so far, but when we look into the reviews, we get a clear picture.

Anyone with even little technical expertise would not install it based on these reviews, and guess what? This extension was also included on Avast's list of malicious chrome extensions.

Another approach to evaluate the validity of these extensions is to search for simple things like the name and logo of the organization if the extension claims to be a part of it, because most malware developers select a name and symbol that is almost similar to the recognized company's logo and name.

The following is a list of some Chrome extensions that Avast claims to have harmful code:

  • Direct Message for Instagram.
  • DM for Instagram.
  • Invisible mode for Instagram Direct Message.
  • Downloader for Instagram.
  • App Phone for Instagram.
  • Stories for Instagram.
  • Universal Video Downloader.
  • Video Downloader for Facebook™
As you can see, each of them has used the name of a well-known firm so that the consumer will identify them as genuine products from these well-known organizations and end up installing them.

When we install an extension, it will ask for some permissions. Read them carefully and see if the permissions they are asking for are truly necessary. For example, an extension to highlight text on a webpage would never require access to your PC's microphone or camera. This can be a red flag that the extension is performing malicious tasks. These types of extensions should not be installed, in my opinion.

This was a basic overview of harmful Chrome extensions; in future blogs, I'll show you how to make your own Chrome extension; moreover, if you still have any of the extensions listed above that have been found malicious, uninstall/disable them immediately. You can simply type “List of harmful Chrome extensions” into your browser to identify all the malicious extensions and uninstall them as soon as possible if they are installed on your system.

This brings us to the conclusion of this blog; I hope you found it useful. Please let me know your thoughts, and until then, stay safe!

Connect with me on LinkedIn!

28 Comments

  1. Thank you very much for giving information, and we want you to keep giving such information in future also.

    ReplyDelete
  2. Very informative..
    Gud going Captain.. 👍

    ReplyDelete
  3. It's a very useful information thank you ✌✌

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. Awesome work Preyash!! Really loved reading it!! Keep it up!

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete
  7. Preyuuuuuu lezzgoooooo :))
    This is amazezezezezeze

    ReplyDelete