In the first half of 2022, 1.3 million users suffered data breaches because of harmful extensions.
Malicious extensions are considered major risk factors as they can easily penetrate your endpoints and cause major system compromises.
Unsigned and unsafe extensions are considered to be potentially harmful to your browsers. Browser extensions are inherently weak in terms of security.
Additionally, the lack of visibility over the installed extensions, and the permissions they require, makes it impossible for IT administrators to manage them.
Here are a few recent cases that show how browser extensions can threaten your entire network.
- The Chrome browser extension SearchBlox, installed by more than 200,000 users, has been discovered to contain a backdoor that can steal your Roblox credentials and assets.
- An information-stealing Google Chrome browser extension named VenomSoftX is being deployed to steal cryptocurrency and clipboard contents as users browse the web.
- A new Chrome browser botnet named Cloud9 has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks.
Let’s quickly look into one of the attacks.
The Troubles of Being on Cloud9
With the new browser botnet, Cloud9, waiting to penetrate your browsers remotely to access and steal your sensitive and confidential data, staying safe while browsing the internet can be challenging.
As reported by Bleeping Computer, this remote access Trojan named Cloud9 allows cyberattackers to execute commands remotely to steal your data. This malicious extension is not found in the Chrome store but has been reported to be installed by other means.
What’s the story of Cloud9?
The malicious Cloud9 extension consists of three JavaScript files that can gather system information, leverage host resources to mine cryptocurrency, perform DDoS attacks, and inject code to run browser exploits.
The following exploits for vulnerabilities have been observed on various browsers:
- Firefox: CVE-2019-11708 and CVE-2019-9810
- Internet Explorer: CVE-2014-6332 and CVE-2016-0189
- Edge: CVE-2016-7200
These exploits automatically install and run Windows malware on the host machines, which can lead to further system compromises.
Learn how Browser Security Plus Provides the Right Solution against Malicious Extensions.
With Browser Security Plus, you can manage the extensions installed on your browsers across your network. To defeat this malicious Remote Access Trojan, you must allow only the safe and wanted extensions in all your browsers.
Here’s how you can manage these extensions seamlessly using Browser Security Plus:
- Discover potentially harmful extensions being used in your network.
- Remove unnecessary extensions.
- Block permissions directly instead of blocking extensions. This will ensure that all extensions that use the blocked permissions will be removed.
- Gain comprehensive insights about the extensions that are installed on your browsers.
- Allow and block extensions based on user requirements.
To avoid extensions being installed from unknown and third-party stores, Browser Security Plus allows you to maintain your extension repository, where you can add extensions based on their extension identifier.
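The discovery, permission-blocking and identifier-based allowlisting steps described above, sketched as an added example; this is not Browser Security Plus code or its API. It assumes Chrome's on-disk layout `Extensions/<extension id>/<version>/manifest.json`, and the allowlist, blocked-permission set, extension IDs and function names are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed policy values for this example; the IDs below are constructed.
ALLOWED_IDS = {"a" * 32}
BLOCKED_PERMISSIONS = {"clipboardRead", "webRequest", "<all_urls>"}

def read_permissions(manifest: dict) -> set:
    """Collect every declared permission (Manifest V2 and V3 keys)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    return perms

def audit_profile(extensions_dir: Path) -> dict:
    """Audit <extensions_dir>/<extension id>/<version>/manifest.json files."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # An unreadable manifest cannot be vetted, so flag it for review.
            report[ext_id] = {"name": None, "allowed": False, "blocked": ["unreadable"]}
            continue
        hits = sorted(read_permissions(manifest) & BLOCKED_PERMISSIONS)
        report[ext_id] = {"name": manifest.get("name"),
                          "allowed": ext_id in ALLOWED_IDS, "blocked": hits}
    return report

def build_sample_profile(root: Path) -> Path:
    """Write constructed manifests so the example runs offline."""
    samples = {
        "a" * 32: '{"name": "Notes", "permissions": ["storage"]}',
        "b" * 32: '{"name": "Clipper", "permissions": ["clipboardRead", "<all_urls>"]}',
        "c" * 32: '{"name": "Broken", ',  # truncated JSON on purpose
    }
    for ext_id, text in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, finding in audit_profile(build_sample_profile(Path(tmp))).items():
            print(ext_id, finding)
```

An extension is a removal candidate when `allowed` is false or `blocked` is non-empty; pointing `audit_profile` at a real profile's `Extensions` directory produces the same report per installed extension.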
With Browser Security Plus, you gain holistic insights into your network’s browsers, extensions, and plug-ins.
You can also lock down your enterprise browsers, harden your browser settings, and filter out malicious web applications to stay safe from cyberattacks. Learn more about implementing a safe browsing experience for your end users!
Browser Security Plus is your one-stop solution to prevent browser-based attacks and manage multiple browsers across your enterprise network. Secure your browsers now! Get a free 30-day trial here!