August 17, 2022

Telemetry data collected by Kaspersky shows that almost 7 million users have attempted to install malicious browser extensions since 2020.

The most common payloads transmitted by malicious web browser extensions in the first half of 2022 belonged to adware families.

Between January 2020 and June 2022, adware extensions target 4.3 million unique users, accounting for 70% of all malicious extensions during that period.

The biggest threats in 2022 include WebSearch, AddScript and DealPly.

According to researchers, WebSearch extensions targeted 878,924 users in 2022. WebSearch extensions mimic productivity tools and monitor users’ browsing activity to profile them based on their interests. WebSearch then promotes links from related marketing programs that help monetize the infection.

AddScript extensions have been seen in attacks against 156,698 unique users. AddScript uses JavaScript, and it runs in the background while its extensions provide promised functionality.

DeepPly is responsible for 97,525 infection attempts in the first half of the year. The adware starts with the execution of pirated software, followed by the automatic injection of browser extensions and the addition of new registry keys.

Users can protect themselves from adware by simply downloading extensions from the official web store of the browser. They are also advised to examine user comments, reviews and background checks of the developer/publisher.

The sources for this piece include an article in BleepingComputer.