Beware! Spyware disguised as browser extensions

The discovery of more malicious and fraudulent browser extensions is a reminder that you should be cautious when installing these tools in your browser.

Read this article in Русский.

Recently researchers discovered that over 500 Chrome extensions on its official web store (ouch!) were stealing browsing data and executing click fraud and malvertising after installing themselves on the computers of millions of users.

An orchestrated operation that might have been active since the early 2010s!

This is terrifying.

A two-month-long investigation by security researcher Jamila Kaya and Cisco’s Duo Security team exposed the browser extensions that had been downloaded millions of times from Google’s Chrome Web Store. 

What a stark reminder that we should all be cautious when installing extensions in our browsers.

Better safe than sorry

Anyone using one of the now-suspended 500 extensions will find they’ve automatically been deactivated in their browser.

This incident is a double-edged sword. It’s good because these extensions can no longer infect users. But it’s bad because it is an example of how easy it is for malicious extensions to sneak in the Chrome Web Store and stay put for years without Google noticing.

The only way to stay safe is to maintain good security hygiene when installing extensions:

  • Install extensions only from the official web stores.
  • Install as few extensions as possible.
  • Check reviews and feedback from users before installing extensions.
  • Pay attention to the developer’s reputation and responsiveness to questions, and how frequently the extensions are updated.

Stay informed, stay vigilant

Digital marketers will continue to look for new ways to identify you and target you with ads, and some of them are less-than-transparent about how they do that. 

Stay informed and vigilant. After all, you cannot count only on technology to guard your personal information. 

And guarding your personal information starts with choosing a browser that will not spy, steal and sell your data. Exactly what we stand for at Vivaldi.

It’s also our philosophy to give you native, out-of-the-box features that provide solutions without having to resort to add-ons.

Even though we support extensions available freely from the Chrome Web Store, our priority is to keep your personal data safe.  

Extensions are handy but can create issues 

Heavy use of extensions is common, but as you install more and more – that you no doubt find useful – you start to feel the consequences of doing so.

While extensions may add useful features to your browser, they can pose threats to privacy, security and performance. 

They can crash the browser or compromise it from a security standpoint. A buggy extension could use its access to snoop on your browsing, possibly capturing your credit card details or passwords.

Often, extensions are power-hungry and sap memory resources that slow down your browsing. So using a minimal collection of add-ons will help improve performance.

Another thing to consider is that user experience is much better with native features than with extensions. Web technologies evolve but native features will always continue to provide better, consistent with the product user experience.

Rely less on extensions

We certainly have a love-hate relationship with extensions but we’ll never hesitate to recommend some built-in gems in Vivaldi over the use of an extension:

So, cut down on your list of extensions! Choose extensions that provide true benefit. That’s bound to be a win-win situation. You’ll browse faster and safer.

On that, has anyone had any experience of using an extension that turned out to be malicious?

Vivaldi icon

¡Gracias por descargar Vivaldi!

Su descarga debe empezar automáticamente.
¿Ha habido algún problema con la descarga? Inténtalo de nuevo.

¿Quieres probar Vivaldi para Android?

Consíguelo en Google Play
Vivaldi icon

¡Gracias por descargar Vivaldi!

Las actualizaciones mediante la instalación del archivo .apk no son automáticas. Para asegurarte de estar al día respecto a las últimas mejoras y actualizaciones de seguridad, te recomendamos suscribirte a nuestroBoletín o al feed RSS.