Browser extensions are useful add-ons that enhance productivity and help users accomplish more tasks efficiently. Examples of helpful extensions include password managers, writing assistants, and AI-based copilots. However, there’s a dark side to browser extensions, including:

  • Malicious Extensions: These can steal data, hijack corporate accounts, reroute crypto transactions, and perform other malicious activities. An extension can be malicious from day one, or become malicious after the developer’s account is compromised or the extension is sold to a shady actor.
  • Risky/Permission-Heavy Extensions: Some developers may not implement necessary privacy and security measures and at the same time request wide permissions, putting enterprise data at risk.
  • Poorly Written Extensions: These can negatively impact the browsing experience and cause compatibility issues with websites.
  • Adware-Type Extensions: These inject ads, affiliate links, or hijack the user’s default search engine to monetize their user base.

In this post, we’ll explore adware-type extensions, why they are riskier than expected, and provide some real-world examples.

Adware: A Slippery Slope

Adware extensions can be problematic for several reasons:

  • Search Results Corruption: They may forcibly alter the content of Google/Bing search result pages, causing user frustration and generating helpdesk tickets.
  • Untrusted Redirects: Clicking on an ad link planted by such extensions can redirect through third-party services that might share user information or track users across websites.
  • Lower Ad Standards: Some third-party ad networks might have lower standards than Google or Microsoft, and can potentially lead to malvertising: ads that direct users to fake landing pages, trying to trick them into downloading malware, etc.
  • Extension Ownership Changes: Popular extensions can be sold to shady buyers who use them for malicious purposes after they already have a significant user base.
  • Lack of Transparency: Extensions that don’t disclose that they manipulate search results, for example, can easily “break bad” and later engage in more malicious activities.

Real-World “Adware Extensions”

1. Sneakily Adding Affiliate Links

At first glance, “Aliex Product Image Downloader” seems like a handy tool for downloading product images for dropshipping. However, it covertly plants affiliate links. When users visit certain AliExpress pages, the extension redirects them to a different URL containing an affiliate ID, earning commissions on any purchases made. None of this is ever mentioned in the extension description.

Code from the “Aliex Product Image Downloader” extension used to add affiliate links to AliExpress purchases

The extension uses different redirect URLs for various versions of the AliExpress site (aliexpress.com, aliexpress.us, aliexpress.ru), likely to track performance across regions or use different affiliate programs.

2. Details in the Fine Print: “Color by Fardos”

“Color by Fardos” is a legitimate color picker extension for designers. However, buried at the end of its very long description on the Chrome Web Store is a minor note mentioning that it also adds some affiliate links via a service called Admitad.

Link affiliation / search query manipulation is mentioned only in the fine print 

The extension replaces Google/Bing search results with its affiliate links, monetizing user searches.

Code to replace Google/Bing search result links

3. Search Engine Replacement

The “Pinukim” extension promises free access to the latest movies and TV series, but its primary function is to replace the user’s default search engine and homepage with its own, steering users to that search engine for monetization.

Search engine replacement via the “Pinukim” browser extension

Detecting Risky Extensions

While some ad-supported extensions are benign but misleading, others are outright malicious. To protect against this enterprise security blind spot, organizations should deploy a browser security solution.

Perception Point’s Advanced Browser Security solution provides robust protection against phishing, malware/ransomware, data loss, unwanted website categories, as well as providing advanced browser governance capabilities, including governance over third-party browser extensions, giving comprehensive visibility and control over which extensions enterprise users can install.

Together with our partner Spin.ai, the solution provides security teams with risk scores for each extension deployed by their users and the ability to instantly disable extensions that are undesirable or risky, both on-demand and based on risk score criteria. 
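
For a sense of what extension triage looks at, here is an added example (not code from the extensions above, nor from Perception Point or Spin.ai) that checks a parsed manifest.json for the three behaviours described in this post. It assumes the search and homepage takeover is declared through Chrome's `chrome_settings_overrides` manifest key, which the post does not confirm for “Pinukim”; the sample manifests are constructed.

```python
import re

# Hosts from the post's examples: Google/Bing result pages and AliExpress.
SENSITIVE_HOSTS = re.compile(r"[./](google|bing|aliexpress)\.", re.I)
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list:
    """Return adware-style findings for one parsed manifest.json."""
    findings = []
    overrides = manifest.get("chrome_settings_overrides", {})
    provider = overrides.get("search_provider", {})
    if provider.get("is_default"):
        findings.append("default search engine -> " + provider.get("search_url", "?"))
    if "homepage" in overrides or "startup_pages" in overrides:
        findings.append("homepage/startup page override")

    # Manifest V2 lists host patterns under "permissions", V3 under "host_permissions".
    requested = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    if BROAD_PATTERNS & {p for p in requested if isinstance(p, str)}:
        findings.append("access to all sites")

    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_PATTERNS or SENSITIVE_HOSTS.search(pattern):
                findings.append(f"content script {script.get('js', [])} on {pattern}")
    return findings


# Constructed sample manifests; names and URLs are placeholders, not real extensions.
SAMPLES = {
    "color-picker": {
        "manifest_version": 3, "permissions": ["activeTab", "storage"],
        "content_scripts": [{"js": ["links.js"], "matches": [
            "*://www.google.com/search*", "*://www.bing.com/search*"]}],
    },
    "free-movies": {
        "manifest_version": 2, "permissions": ["tabs", "<all_urls>"],
        "chrome_settings_overrides": {
            "homepage": "https://search.example/",
            "search_provider": {"name": "Example", "keyword": "ex", "is_default": True,
                                "search_url": "https://search.example/?q={searchTerms}"}},
    },
    "notes": {"manifest_version": 3, "permissions": ["storage"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, audit_manifest(manifest) or "no adware-style signals")
```

A finding shows capability rather than behaviour: a content script on search pages may be harmless, so each hit is a prompt to read the script and compare it with what the store listing discloses.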

Summary

Browser extensions can significantly enhance productivity but also pose substantial risks when misused. Adware-type extensions can corrupt search results, compromise user privacy, and lead to malicious activities. Awareness and proactive security measures are crucial in mitigating these risks and ensuring a safe browsing experience. Deploying advanced browser security solutions can help organizations maintain control and protect their users from the dangers of risky extensions.
