The browser extension is a double-edged sword. On one hand, browser extensions are convenient and helpful for users surfing the web. But, browser extensions can also turn around and bite the person using them. That’s why many IT admins are concerned with finding and eliminating malicious browser extensions to secure their system fleets.
What are Browser Extensions?
Browser extensions are small bits of code that run within a browser window, such as Chrome™ or Firefox, for personalization and/or efficiency. Browser extensions affect the appearance and operation of a web browser to best suit the needs and wants of the person using them. Some examples of popular browser extensions include the µBlock ad blocker and Bitly URL shortener.
Technically, browser extensions aren’t considered “applications” in the traditional sense, despite the fact they’re often installed to serve similar purposes. As such, they often fly under an antivirus software’s radar. Beyond that, browser extensions generally aren’t vetted by their vendors (i.e. Chrome Extension Store). This ultimately means browser extensions run the possibility of including malicious code, such as malware.
The Nature of Malicious Browser Extensions
Bad actors can use browser extensions in their attacks. For example, a browser extension has the potential to reap critical identity information information, such as login credentials or credit card data, just by being added to an internet browser.
A devious developer can make a malicious browser extension by adding background processes, usually underwritten into the extension’s code, that query the browser for additional information. This information could include credit card data, which is often stored for use on e-commerce and other sites. In some cases, the code may not contain any “overtly malicious” content but instead contain two smaller applets. When run in tandem, these applets redirect traffic through the browser to a paid advertisement site and create hundreds of false clicks.
The tricky bit, however, comes when the extension is added to a user’s browser experience. Most extensions use OAuth to request access to certain data and endpoints, such as a system’s camera or microphone. Many noted malicious extensions forgo that step, convincing the browser they have already asked for and been cleared to access critical user data.
Finding and Eliminating Malicious Browser Extensions
So, because malicious browser extensions have the potential to compromise an organization’s data, IT admins need to be on top of their end users’ browser extensions at all times. Unfortunately, doing so manually is virtually impossible because it requires complete and total cooperation from all end users to track down all of the browser extensions they may have downloaded and subsequently remove potentially phony ones.
Thankfully, there are a couple methods admins can use to find and eliminate malicious browser extensions.
Browser Admin Tools
Admins can use an internet browser’s admin tools (e.g. Chrome) to remove and block undesirable extensions. Admins will need an extensive knowledge of known malicious extensions and, subsequently, a allow list of approved ones. This method requires a bit of manual search but, if done properly, can achieve an admin’s security goals.
IT organizations can also use a Software-as-a-Service (SaaS) solution to track down which machines are running which browser extensions. This option also provides admins with the ability to query across all systems, regardless of their choice of internet browser, which means that admins have a centralized location to do so.
If you are interested in finding and eliminating malicious browser extensions across your system fleet, please contact us. We’d be happy to point you toward the right solution for you.