adware, browser extension, facebook, web browser

Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements.

The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links.

This finding is based on telemetry data collected by Kaspersky, which reports over 1,300,000 attempts by users to install malicious extensions throughout H1 ’22, an increase compared to last year’s figures.

adware, browser extension, facebook, web browser

Number of malicious extension installation attempts (Kaspersky)

From January 2020 to June 2022, Kaspersky recorded adware extensions targeting 4.3 million unique users, corresponding to roughly 70% of all malicious extensions in that period.

This stat reflects how large of an adware delivery funnel malicious extensions are, compared to any other delivery mechanism.

It should also be noted that these numbers only reflect telemetry from users who utilize Kaspersky software. The numbers are likely far more significant when considering users protected by other security vendors.

Biggest 2022 threats

Starting with ‘WebSearch,’ Kaspersky says they detected related extensions targeting 876,924 users this year, typically mimicking productivity tools such as DOC to PDF converters and document merging utilities.

According to Kaspersky, WebSearch monitors users’ browsing activity to profile them based on their interests and then promotes links from affiliated marketing programs that help monetize the infection.

Additionally, WebSearch changes the browser’s home page with AliExpress or Farfetch, generating funds from the extension through clicks on affiliated links on the search results.

adware, browser extension, facebook, web browser

New homepage set by the EasyPDFCombine extension (Kaspersky)

The second most common adware hiding in the browser extension scripts is ‘AddScript,’ seen in attacks against 156,698 unique users.

AddScript runs covertly in the background while the extensions that carry it offer the promised functionality: downloading videos from the web.

The malware uses JavaScript fetched after installation to run videos in the background and log “views” on YouTube channels, thus increasing ad revenue.

adware, browser extension, facebook, web browser

Malicious code in AddScript (Kaspersky)

Additionally, the AddScript injects affiliate cookies on the host, receiving commissions for purchases made through the browser.

The third-most popular adware nesting on people’s machines via malicious extensions is ‘DealPly,’ responsible for 97,525 infection attempts in the first half of the year.

This adware begins with the execution of pirated software like KMS activators and game cheat engines downloaded from peer-to-peer networks and shady sites.

This is followed by the automatic injection of the browser extensions and the addition of new registry keys.

adware, browser extension, facebook, web browser

Registry keys added by DealPly (Kaspersky)

These keys add persistence, so if the user removes the extension, it is re-downloaded and installed on the browser when the program is relaunched.

DealPly also changes the browser’s home page to promote affiliate sites that match the user’s search queries.

adware, browser extension, facebook, web browser

Scrutinizing user’s search queries to promote affiliate links (Kaspersky)

How to stay safe

To keep your browser free of adware infections, only download extensions from the browser’s official web store, examine user comments and reviews, and run a background check on the developer/publisher.

Some extensions require powerful permissions to offer the promised functionality, so it’s essential to review their privacy policy and data collection practices carefully before agreeing to them.

Finally, try to use the least amount of extensions you need and periodically review the installed add-ons to remove any that you are unsure of how they were installed.

TECH NEWS RELATED

Self-validation of complex electronic systems using gray box models

Hybrid models combine the advantages of both physical and data-driven models. Credit: Fraunhofer IZM When you mix together black and white, you get gray—and with it, a new method that should allow complex electronic systems to monitor themselves. Using so-called gray box models, on which researchers at the Fraunhofer ...

View more: Self-validation of complex electronic systems using gray box models

PlatinumGames reveals that Jennifer Hale is new voice of Bayonetta in third entry

Voice actor changes happen across multiple industries for a variety of reasons. Sometimes there’s simple scheduling conflicts, other times it’s complicated union affairs like the recent high profile Kyle McCarley-Crunchyroll case. But whatever the reason, it leads to recasts — and that has now happened to none other than Bayonetta, ...

View more: PlatinumGames reveals that Jennifer Hale is new voice of Bayonetta in third entry

How to Download Overwatch 2 and Set Up SMS Protect

You'll need to add a verified phone number to your Blizzard account to launch the game.

View more: How to Download Overwatch 2 and Set Up SMS Protect

'Kipferl': Guiding the defense against jumping genes

Two Drosophila egg chambers containing several nuclei: Wild Type (left) or upon Kipferl inactivation (right). The DNA is shown in blue and Rhino in green. Upon mutation or deletion of the partner protein Kipferl (right), Rhino loses its affinity for the piRNA cluster sequences across the genome (green dots ...

View more: 'Kipferl': Guiding the defense against jumping genes

Smacked asteroid's debris trail more than 6,000 miles long

This image made available by NOIRLab shows a plume of dust and debris blasted from the surface of the asteroid Dimorphos by NASA’s DART spacecraft after it impacted on Sept. 26, 2022, captured by the U.S. National Science Foundation’s NOIRLab’s SOAR telescope in Chile. The expanding, comet-like tail is ...

View more: Smacked asteroid's debris trail more than 6,000 miles long

Engineering students create a 3D-printed functional robotic arm

Detail of the 3D-printed transradial myoelectric prosthesis. Credit: Polytechnic University of Catalonia Fifteen bachelor’s and master’s degree students from the Barcelona School of Industrial Engineering (ETSEIB) of the Universitat Politècnica de Catalunya · BarcelonaTech (UPC) share the same dream: improving the quality of life of people with disabilities using ...

View more: Engineering students create a 3D-printed functional robotic arm

Crash test dummies for e-scooters

In the crash tests, the e-scooter and dummy were driven against a curb at speeds of 10, 20 and 30 km/h. Even at 10 km/h, there is a significant risk of injury. Credit: Fraunhofer EMI Practical and environmentally friendly, e-scooters offer great flexibility. It is no wonder that more ...

View more: Crash test dummies for e-scooters

LiDAR and radar sensors—space-saving headlight installation

LED headlight model with multispectral combiners for coaxially merging optical light, LiDAR (red) and radar beams (green), with the aim of achieving space-saving sensor integration for next-generation driver assistance systems. Credit: Fraunhofer FHR People use their eyes and ears to pick up on traffic situations involving potential hazards. For ...

View more: LiDAR and radar sensors—space-saving headlight installation

New genetic variation from old and exotic varieties for environmentally friendly wheat cultivation

Multi-organ chip detects dangerous nanoparticles

Bad roads reduce trade volumes by 18%

New online portal aims to improve parks and green spaces around the world

Manufacturing microscopic octopuses with a 3D printer

Protein family shows how life adapted to oxygen

Driving high? Chemists make strides toward marijuana breath analyzer

Alain Aspect, Nobel-winning father of quantum entanglement

Reports say the CIA is trying to resurrect woolly mammoths

Ford Performance Kit Juices the Bronco's Base EcoBoost Engine

MASERATI CELEBRATES THE OPENING OF ITS NEW STORE IN MILAN

Ubisoft, Take-Two Back Ethereum NFT Game Maker Horizon in $40M Round

OTHER TECH NEWS

Top Car News Car News