
Malicious Browser Plugins Abound

Two different stories appeared this week: one about Firefox, the other about Chrome. Both dealt with malicious browser add-ons. I am not sure what is going on with Edge, but we may hear from Microsoft too.

Since we seem to live our lives in the browser these days, it makes sense that hackers are going after your browser.

For Chrome, Google halted paid-for extension updates because of a huge increase in fraudulent activity.

Google doesn’t know when it will resume updates; it is looking for a long-term solution. In the meantime, developers who make money (likely selling your data) will just have to wait.

Google has been very tight-lipped about exactly what is going on – likely because they don’t want to help the bad guys and they do not have a fix.  Details at The Register.

On the other side of the tracks, Mozilla has banned almost 200 Firefox apps for executing malware, stealing your data or obfuscating what they were doing.

Mozilla is going one step further than Google and disabling these plugins if they are installed in your browser.

A big chunk of the ban applied to a developer who was dynamically downloading code into their add-on. Of course, Mozilla can’t tell if that code, which doesn’t yet exist at the time the app is submitted, will be malicious some time in the future. Doing that (using downloaded code) has been a violation of the rules, but now Mozilla is getting serious about it. Details can be found at ZDNet.

The bottom line is that bad guys have decided that browsers are a good attack method.

People are probably not careful enough about what add-ons they load into their browser, in part because they don’t really have any way of knowing whether the developers are honest or have evil intent.

Of course, the vast majority of plugins are not evil (or at least their evilness has not been detected yet), so this is not a blanket condemnation of all plugins. It does mean that plugins are a potential attack vector on your systems and networks, and you should consider the risk to your environment of allowing users to install any random plugin software they choose.

Now that this form of evil is being publicized in the news, expect more bad actors to try and figure out how to abuse the system.

For IT managers, this means that they should have policies about installing this form of software and should create mechanisms to enforce them and check for compliance.
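One way to do the compliance check, as an added example that is not from the original alert: a Python audit of a Chrome profile's `Extensions` folder (laid out as `<extension id>/<version>/manifest.json`) that reports extensions missing from an approved list and extensions whose content security policy permits remote or eval'd script, the dynamically loaded code described above. The allowlist, sample IDs and CSP values are constructed, and the CSP test is a heuristic.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome IDs: 32 letters from a-p
ALLOWLIST = {"a" * 32}               # hypothetical organisation-approved IDs
SAMPLE = {  # constructed sample: IDs and CSP values are made up
    "a" * 32: {"name": "Approved"},
    "b" * 32: {"name": "Unapproved", "content_security_policy":
               "script-src 'self' https://cdn.example.test; object-src 'self'"},
}

def csp_allows_dynamic_code(manifest):
    """Heuristic: does the CSP permit eval or scripts from a remote origin?"""
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):  # Manifest V3 keeps one policy per context
        csp = csp.get("extension_pages", "")
    for directive in csp.split(";"):
        name, *sources = directive.split() or [""]
        if name in ("script-src", "default-src") and any(
                s == "'unsafe-eval'" or s.startswith(("http:", "https:")) for s in sources):
            return True
    return False

def audit(extensions_dir, allowlist):
    """Return sorted (extension_id, finding) pairs for one Extensions folder."""
    findings = set()
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue  # skip folders that are not extension IDs
        if ext_id not in allowlist:
            findings.add((ext_id, "not on allowlist"))
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            if csp_allows_dynamic_code(manifest):
                findings.add((ext_id, "CSP permits remote or eval'd script"))
        except (OSError, ValueError, AttributeError):
            findings.add((ext_id, "unreadable or malformed manifest"))
    return sorted(findings)

def audit_sample():  # writes SAMPLE in Chrome's <id>/<version>/ layout, then audits it
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in SAMPLE.items():
            path = Path(root, ext_id, "1.0_0", "manifest.json")
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(manifest))
        return audit(root, ALLOWLIST)
```

Point `audit()` at a real profile's `Extensions` folder with your own approved IDs. A clean CSP does not prove an extension never loads remote code, so the allowlist finding is the one to enforce on.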

The fun never ends.