top of page

Browser extensions pose hidden risk to web users

Major web browser providers offering plug-ins and browser extensions may be increasing the likeliness of their users becoming a victim to threat actors according to research from Kaspersky.

Browser add-ons exist to improve the experience of web users, offering services such as blocking adverts, spell checking or even virtual on-screen pets.

Unfortunately, the use of these as a vessel to spread malicious code and malware has increased in recent months.

Malicious and unwanted add-ons are often distributed through official marketplaces, giving customers a sense that they can be trusted.

However, in 2020, Google removed 106 browser extensions from its Chrome Web Store after analysis demonstrated that they were used to harvest credentials and sensitive user data, such as cookies, usernames, and passwords.

Some extensions were even able to take screenshots; in total, these malicious extensions were downloaded 32 million times by web users.

The downloads lead to over 100 networks being compromised, belonging to individuals and organisations including financial institutions, utility companies, government agencies and healthcare firms.

From February 2018 into 2019, another add-on available on the official Google Play Store called “flash reader” was downloaded over 400 times before it was taken down. It was able to recognise payment card details entered by users on their devices as they paid for goods and services, and steal and harvest those details for use in further criminality.

The use of the words “flash” and “reader” are found in many legitimate web services and would add to the sense that the add-on was popular and could be trusted.

The findings by Kaspersky show that although the number of users affected by malicious add-ons and extensions halved from 2020 to 2021, the number for 2022 is already at 70% for the whole of 2021.

This suggests that the total for the year will be a significant increase over 2021.

Threat actors are continuously leveraging new ways to deliver malware to users on the internet and with browser add-ons becoming increasingly popular, it’s highly likely that their malicious use will continue to increase.

The rise in remote working, web and cloud-based working may also play a part in the statistics found by Kaspersky.

Organisations should ensure staff are educated around the risks of the use of add-ons and extensions and where necessary apply IT administrator level blocks on personnel downloading extensions across IT estates.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page