Malicious Browser Extensions: Vetting Extensions to Avoid Hidden Malware

Here are some common methods:

1. By Deception: mimicking legitimate well-known vendor product names or by publishing extensions with popular productivity purposes.
2. Ownership Takeover: where threat actors purchase or otherwise take over previously legitimate browser extensions that already have a user base and push out malicious updates to compromise target systems.
3. Web store method: This is a popular obfuscation tactic where adversaries publish extensions to web stores with minimal initial permission requirements but expand with additional permissions through updates, gradually expanding its access and functionality for malicious purposes.
4. Sideloading: Attackers exploit this method by bundling malicious extensions with seemingly legitimate software applications

• Reputable Source: Stick with extensions from verified and reputable sources
• Reviews: Popular or positive reviews do not equate safety. Threat actors often purchase or hijack popular extensions, using their trusted reputation as a shield while deploying malicious updates.
• Declutter Your Extensions: Avoid overloading your browser with extensions, more extensions equals more security risks and performance burden on your browser. Regularly review and remove extensions you no longer use to reduce exposure to malicious updates.
• Inventory: Knowing and monitoring the extensions you have installed makes it easier to remove unused and suspicious ones.
• Permissions: Review extension permissions closely. If an extension installed suddenly requests new permissions, be wary. If you can’t find a reason for the permission change, it’s probably better to uninstall. Also, if the permissions seem excessive for the functionality, steer clear.