Affiliate links help us produce good content. Learn more.

Malicious browser extensions: How to recognise & deal with them

Malicious browser extensions: How to recognise & deal with them

Browser extensions are add-ons that add features to your internet browser. Rather than having all the custom features upon install which would clutter your browser, most modern browsers provide options for browsers extensions so you can program your browser to perform personalised tasks while keeping all unnecessary functions to a minimum.

There are thousands of extensions available for your browser. Most people who use the Internet regularly are likely to be using multiple extensions. However, the fact that there are so many extensions means that users might download malicious extensions.

Third party browser extensions

Third-party browser extensions are customised to an individual’s needs. However, since most people have varying requirements, browser owners find it feasible and far more productive to give third-party companies the right and the ability to create extensions that are suitable for their own intended customers.

However, these extensions may need access to your data and workflow to work. Developers may be able to engage in unethical and illegal practices through some of the permissions that you give them. Not all extensions are malicious though, and it is possible for you to weed out malicious extensions to a large extent.

You can find many useful extensions for yourself. For example, many third-party browser extensions help increase the mobility of the office. For example, Microsoft provides an extension called Office Online for Google Chrome which allows you to access your work on an “Office suite” remotely.

Malicious browser extensions

Giving third party access to create browser extensions, however, means that they have access to user data that could be detrimental to the user as it can be misused, leading to potentially harmful results including identity theft and access to credit card information.

Even Google’s Terms and Conditions for extension developers have no clear rules for dealing with mishandling of a user’s private data. Google does not screen properly extensions that are available on its Chrome Web Store.

Adding to the problem is the fact the Antivirus software would likely be unable to find and block malware extensions since they are not individual applications. Their code is saved as a part of your browser, and since a browser is trusted software, Antivirus software would likely overlook a malicious browser extension.

Malware extensions have not really hit the mainstream as of yet, but certain extensions have become infamous due to the level of threat they pose and how easy it is to use them.


Firesheep is a browser extension for Firefox which is essentially a hacking tool. It uses its unrestricted access to hijack and record all unencrypted traffic through your router. This makes it easier for a user to hijack personal data as well as online accounts of the people who are using your internet connection.

Fire sheep is so easy to use that any ordinary user with no background in IT can use it. It has the ability to hijack people’s account on not only social networking sites like Facebook and Twitter but also your accounts on Amazon which might contain your credit card information. This makes it a potentially disastrous tool.

Despite its potential danger, Firefox has refused to block this extension due to a loophole in its terms and conditions. This has set a precedent for other developers to create similar extensions. To their credit, Firefox did remove this extension from their add-ons store, but it can still be downloaded from the Firesheep website.


Though not an extension, it exploits the same vulnerabilities as Firesheep. Faceniff is an application for Android devices so they can hijack people’s account through a shared Wi-Fi connection. It can and is used to attack user accounts on not only social networks but also websites which might contain their credit card information.

How to recognise malicious extensions

This part is mainly focused on malicious Chrome extensions since they are the one used by most people. However, the following practices translate more or less to all of the mainstream browsers.

It is not very easy to tell apart malware from legitimate extensions. Malicious  extensions are likely to have a low rating and bad reviews since their functionality and user-friendliness is not a focus of the developer. Secondly, you should read the description carefully. If it’s well written and descriptive, it is likely legit. A malware extension is more likely to have a brief description.

On the contrary, some malware extensions may also have suspiciously good reviews which sound quite similar due to the use of review bots. Unfortunately, there is no surefire way to recognise a malicious Chrome extension, but you can increase your chances by following the aforementioned practices.

How to protect yourself from malicious extensions

Though you cannot recognise these malicious extensions, you can, however, take precautions against them. You should thoroughly research any extension you are considering downloading. Similarly, if you don’t have any experience with extensions, try to find extensions that are best suited for your needs.

Also, there are certain protective measures that you can take. Download extensions only from official stores. There are at least some mandatory checks on the extensions there.

It is also important to remember not to grant applications any permission that you are not comfortable with. Once you have no use for an extension, delete it as a cautionary measure.

Using a VPN is also a good idea since it will not only encrypt your data but also route it through a secure server to reduce chances of you being spied on. ExpressVPN is an industry leading VPN that is bound to offer you all the protection you need.

How to remove Browser Extensions

Another great deterrent would be to remove all the useless extensions that have accumulated over time. Similarly, you can disable the extension that you are not using for the time being. Here are the steps to remove browser extensions on Google Chrome.

Using this guide, you will easily be able to remove all the extensions have no use for. It is important to perform these checks from time to time as you will probably continue to download new extensions. As a good practice, you can audit all your extensions once a month.

For most people, it is infeasible to avoid using any browser extension, and it would be difficult to find a solution that can guarantee protection from malware extensions. You can, however, use the aforementioned precautions to reduce the risk of you having any sort of spyware or malware installed on your computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. TripleA June 4, 2019 at 5:08 am

    I have a lot of different extensions, but they’re all from verified sources. THings that help productivity or help with my learning disability, usually. I’m always so nervous downloading anything new, because it could be something like this!

  2. Louise M April 11, 2019 at 9:33 am

    That’s good to know ! I always have a doubt when I’m installing a new extension, like how do I know if it’s safe or not ! This answered my questions ! Thanks for the article.

  3. 7880Antonio..UG March 27, 2019 at 9:06 am

    I am not always comfortable working and seeing extension on my screen. Trust me it distracts my workflow. Sometimes I am more mindful not to click since I do not possess an eagle’s eyes to separate the dangerous from the good

  4. Joachim_Knudsen February 5, 2019 at 3:23 pm

    Humanity is acquiring all the right technology for all the wrong reasons. The technology you use impresses no one. The experience you create with it is everything.

  5. BeverlyTKurtz February 4, 2019 at 10:22 pm

    I’ve ran across several FireFox extensions that aren’t trustworthy. FF Protect AntiVir, FF Helper Checker, and FF Search Informer are a few of them. On the Mozilla website it states, “Blocklisting (or blocking) is an action of last resort taken to protect Firefox users against add-ons.” So they are working to stop unsafe extensions, but it’s probably an ever-changing landscape so you have to be vigilant.

Jump to section
Thanks for your opinion!
Your comment will be checked for spam and approved as soon as possible.