UPDATED 20:03 EST / JANUARY 18 2018

APPS

Malicious Firefox and Chrome extensions keep themselves hidden from users

Security researchers have discovered a new form of rogue Chrome and Firefox browser extensions that not only hijack pageviews but also go the extra mile to keep themselves hidden from users.

Security firm Malwarebytes Inc. said today that the new extensions hijack browsers, then prevent users from removing them by redirecting users away from pages where they can disable or delete them. That obfuscation takes the form of blocking users by either closing out pages with extensions/add-ons info or by sending users to a different page, such as an apps overview page, where extensions aren’t listed.

If that sounds bad enough, it gets worse. Both the Chrome and Firefox extensions using a forced-install method. The attack vector comes via malicious sites which users may have ended up on via redirects from adult, software key generation and software cracking sites.

“What we call a forced install is that when a website is designed to keep the user there until he decides to install the extension,” Malwarebytes security researcher Pieter Arntz explained in a separate blog post. “Such websites employ javascripts, login prompts and various HTML5 tricks to essentially lock down the browser and prevent a user from browsing to another site or even closing down the tab until the extension is installed.”

Once installed, the extensions themselves aren’t particularly malicious in that they are not attempting to steal data from a victim. Instead, they seek to drive clicks up on YouTube videos or hijack searches, making them primarily an annoyance.

Thanks to the obfuscation, removing the extensions becomes interesting, with the Chrome version more difficult than the Firefox version.

“Unfortunately, since both the Chrome and Firefox extensions mostly add themselves through forced installs, it’s not always possible to avoid getting them,” the researchers conclude. “The best we can offer is to stay vigilant as you surf and use an adblocker (that could help with blocking the Firefox extension).”

Preaching from the gospel of always practice safe internet, they advised not downloading these extensions in web stores as well as reading the fine print carefully for any browser extension.

Photo: wactout81/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU