Beware Your Browser Extensions

Submitted by jasonsimpson on Sun, 03/08/2020 - 03:24

Brian Krebs over at KrebsonSecurity wrote an article about a recently found browser extension that was injecting some malicious code onto websites.  It worked basically like this:  You are a website developer, and crafting an article or piece of code to publish.  The extension detects this, and quietly injects some code that requests some javascript to run.  This javascript is to serve up some ads.  The ads of course will generate revenue, not for the website where the ad is served, but the entity that forced the code in via the extension.  

Longer story short, the extension creator sold to an ad company that is earning money on the extension in this malicious way.  

This is very interesting to me.  I use a few extensions, but most are security related.  Otherwise I am not a heavy extension user, although I think this means there is some functionality that I am missing from my web browsing experience.  Extensions I am used to are basically set and forget.  Apparently the extension referenced in this article is useful for Website developers.   Sort of a slick, yet shady way to get some income.  

Please visit Brian Krebs website and read the article in full: