Of these, more than 1 million users encountered adware in the first half of 2022.
The aim of some malicious extensions is to steal login credentials and other sensitive information.
Also, the extension modifies the browsers default search engine to search.myway[.
It can also mimic installers of various software, including proprietary software.
AddScript
AddScript is another threat family, hiding under the guise of web client extensions.
156,698 unique users encountered AddScript in the first half of 2022.
For instance, AddScript disguises the malicious code.
When the extension is running, it contacts a hardcoded URL to get the C&C server address.
FB Stealer
FB Stealer is one of the most dangerous families in net web client extensions.
Besides the already traditional search engine substitution, FB Stealer can even steal user credentials from Facebook.
Kaspersky security solutions detected 3,077 unique users who came across FB Stealer during the period January to June 2022.
FB Stealer is installed by the malware rather than by the user.
Once added to the online window, it mimics the harmless and standard-looking Chrome extension Google Translate.
The installer also modifies the Secure Preferences file, which contains Chrome controls, including information about extensions.
Once it is done, the extension becomes active.
Similar to previous families, the extension changes the default search engine.
In this case, it sets it to hxxps[:]//www.ctcodeinfo[.]com.
How To Stay Safe While Using internet tool Add-Ons?
Since extensions add extra functionality to browsers, they require access to various resources and permissions.
Uninstall extensions that are no longer in use or you do not recognize.
source: www.techworm.net
