Latest news with #maliciousExtensions
The Sun
10-07-2025
- The Sun
All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue ‘tracker' warning
THOUSANDS of Chrome users are being urged to delete immediately certain apps that pose a security risk. It comes after experts issued a "tracker" warning on 11 apps that have been downloaded more than two million times. 1 The apps can track users, steal browser activity, and redirect to potentially unsafe web addresses. 3.45b users choose Chrome to surf the web Chrome is the most popular internet browser with an estimated 3.45 billion users, according to the latest statistics. Most of the add-ons provide the advertised functionality and pose as legitimate tools like colour pickers, VPNs, volume boosters, and emoji keyboards. Researchers at Koi Security, a company providing a platform for security self-provisioned software, discovered the malicious extensions in Chrome Web Store and reported them to Google. Researchers noted that many of those extensions are verified. They also report hundreds of positive reviews, and were featured prominently on the Chrome Web Store. This, the researchers note, could have misled users about their safety. Add-ons to check and remove Users should check for the following add-ons in Chrome browser and remove them as soon as possible: Color Picker, Eyedropper — Geco colorpick Emoji keyboard online — copy&paste your emoji Free Weather Forecast Video Speed Controller — Video manager Unlock Discord — VPN Proxy to Unblock Discord Anywhere Dark Theme — Dark Reader for Chrome Volume Max — Ultimate Sound Booster Unblock TikTok — Seamless Access with One-Click Proxy Unlock YouTube VPN Unlock TikTok Weather One of them, Volume Max — Ultimate Sound Booster, has also been flagged by LayerX researchers last month, who warned about its potential for spying on users. However, no malicious activity could be confirmed at the time. Urgent warning to delete 2 dangerous apps that STEAL all photos & blackmail you According to the researchers, the malicious functionality is implemented in the background service worker of each extension using the Chrome Extensions API, registering a listener that is triggered every time a user navigates to a new webpage. The listener captures the URL of the visited page and exfiltrates the information to a remote server along with a unique tracking ID for each user. The server can respond with redirection URLs, hijacking the user's browsing activity and potentially taking them to unsafe destinations that may enable cyberattacks. Although the possibility is there, it should be noted that Koi Security has not observed malicious redirections in their testing. Cybercriminals at large It comes after researchers at Koi Security discovered cybercriminals have also planted malicious extensions in the official store for Microsoft Edge, which shows a total count of 600,000 downloads. "Combined, these eighteen extensions have infected over 2.3 million users across both browsers, creating one of the largest browser hijacking operations we've documented," the researchers said. They recommend users remove all listed extensions immediately, clear the browsing data to purge any tracking identifiers, check the system for malware, and monitor accounts for suspicious activity. Google has confirmed that all the extensions Koi Security discovered have now been removed from the Chrome Web Store, according to Bleeping Computer. The 11 apps on Chrome that pose a security risk Here are the 11 apps that Chrome users are being urged to delete NOW.
Forbes
08-07-2025
- Forbes
Firefox Users Warned As Credential Theft Hackers Target Browser
Malicious Firefox extensions can steal your passwords. When someone says your browser security is at risk, or that credential-stealing hackers are targeting your browser, the chances are that your mind will turn to Google Chrome. Not because it is an insecure application, far from it, but rather it's the world's most popular web browser by some margin, so naturally it is the target of most attacks. Cybercriminal hackers, however, like to spread the malicious hate, and users of the privacy-focused Mozilla Firefox can not escape their attention. A new report has uncovered a total of eight malicious Firefox extensions that could steal authentication tokens and even spy on users. Here's what you need to know. Dangerous Firefox Extensions Uncovered By Socket Threat Research Team Whatever web browser you use, the universal truth is that someone will be out to get you. When it comes to cybercriminals, a preferred attack route is via a malicious extension or add-on. Which is why all browser vendors, including Mozilla, provide background protections and public support to minimize the risk as much as is humanly and technologically possible. Yet, as the July 4 Socket Threat Research Team report confirmed, attackers continue to target Firefox users. 'While our investigation focuses on Firefox extensions,' Kush Pandya a security engineer and researcher, and part of the Socket Threat Research Team, said, 'these threats span the entire browser ecosystem.' However, the specific Firefox investigation in question disclosed a total of eight extensions that were capable of causing harm, including: redirection to scam sites, user session hijacking to earn commissions on shopping sites, spying using invisible iframe tracking methodology, and, perhaps most seriously of all, authentication theft. Mitigating The Firefox Extensions Attack Risk I would advise you to read the full report for all the technical information and details of the extensions themselves. Meanwhile, however, I have been in communication with Mozilla. I can confirm that it is both aware of the threats in question and has taken positive action to protect Firefox users. I was assured that the Firefox add-ons team had reviewed the extensions mentioned in the report, which obviously went against Mozilla's add-on policies. The team found they had affected what it called a very small number of users and that appropriate action, including taking down some of the extensions, had been taken. 'We help users customize their browsing experience by featuring a variety of add-ons, manually reviewed by our Firefox Add-ons team, on our Recommended Extensions page,' a Firefox spokesperson said. To keep users safe, the spokesperson continued, 'we disable extensions that compromise their safety or privacy, or violate our policies, and continuously work to improve our malicious add-on detection tools and processes.' Mozilla further recommended that Firefox users take additional steps, bearing in mind that such add-ons are usually developed by third parties, to protect themselves from threat actors. These include checking extension reviews and ratings, and keeping your eyes open for any that require excessive permissions that are not consistent with what the extension claims to do. 'If an extension seems like it might be malicious,' the spokesperson said, 'users should report it for review.'
