Malicious browser extensions: What you should know

Alyssa Stillwagon
Published in redmorph
Aug 21, 2018

Written by Emma Flickinger

What do malicious browser extensions do?

Browser extensions are pieces of code that are added onto the code that runs your browser. They run like any other software, but instead of being installed directly on your computer, they are installed within the files of your browser application.

Many extensions are useful, and offer a convenient way to customize your browser. Others are designed to be harmful, and can compromise the security of your computer. One of the most common targets? Your personal data.

Why are malicious browser extensions a widespread problem?

The most popular marketplace for extensions, the Google Chrome Web Store, does not screen extensions before they are published. This makes it extremely easy to publish malicious browser extensions.

Extensions aren’t an application all on their own — their code runs as part of your browser. Because your browser is already a trusted application, it’s hard for antivirus software to catch malicious extensions.

Though extensions require permissions to work, most browsers grant them permissions by default (without asking you). Even if your browser asks you to confirm permissions, many extensions — including safe and legitimate ones — won’t install without the permission to “view and change all your data on the websites you visit.”

How can you guard against malicious browser extensions?

Most malicious browser extensions aren’t obviously evil — they are simple apps like calculators or PDF converters, and seem legitimate at first glance.

A good preventive strategy is to install a tracker blocker (like Redmorph’s Browser Controller). These applications block attempts by websites and extensions to send your data to third parties — so if you do end up with a malicious extension, you’ll have a safety net.

Before installing an extension, look it up. Does the developer seem legitimate? (Have they published other extensions? Do they have a website?) Does the extension clearly explain what it will do in your browser? Is it recommended in reviews? If so, who are the reviews by? (A reputable tech blogger, a news site, or an anonymous commenter?)

Read the reviews, and look up the developer. It’s also a good idea to do a general search for terms like “(name of extension) safe?”

Double-check that the extension you’re installing is the one you really want. Many malicious extensions are installed because they have the same name as a legitimate extension, or a similar (or copied) logo.

Read the extension’s description carefully. Legitimate developers can certainly make typos, but a description that’s riddled with spelling errors, sentences that don’t make sense, or a very vague explanation that glosses over what the extension does, should be a red flag. Be wary of words that are repeated an extreme number of times — developers of malicious extensions may repeat keywords so that the page shows up more readily in a search.

However, even with extreme precautions, there could still be a malicious extension at work in your browser. Extensions can be sold to new developers, and malicious actors can hijack the accounts of legitimate developers and push malicious updates to safe, previously installed extensions. These updates are difficult to detect, since almost all extensions update automatically.

What should you do if you believe you have installed a malicious browser extension?

If you notice that your browser is behaving oddly — new tabs opening to suspicious websites, a new startup page you didn’t assign, websites or searches redirecting to other sites — a malicious extension could be responsible.

In your browser, check the list of active extensions (keeping an eye out for any you don’t remember installing). Disabling or uninstalling them one at a time can reveal which one is causing problems.
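
One way to carry out the extension check described above, and to spot the broad "all websites" permission mentioned earlier, is to read each installed extension's manifest from disk. This is an added example, not part of the original article; it assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json, and the function names and sample extensions are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path

# Host patterns that grant access to every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_patterns(manifest):
    """Return the all-site host patterns a parsed manifest requests, sorted."""
    requested = list(manifest.get("permissions", []))   # Manifest V2 lists hosts here
    requested += manifest.get("host_permissions", [])   # Manifest V3 lists them here
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])          # pages the extension injects code into
    return sorted({p for p in requested if isinstance(p, str) and p in BROAD_HOSTS})

def audit_extensions(extensions_dir):
    """Report every extension under extensions_dir that requests all-site access."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest, nothing to inspect
        hits = broad_patterns(manifest)
        if hits:
            # "name" may be a localisation placeholder such as __MSG_appName__
            findings.append({"id": path.parent.parent.name,
                             "name": manifest.get("name", "?"), "broad": hits})
    return findings

def build_sample(root):
    """Write two constructed manifests (not real extensions) in the assumed layout."""
    samples = {
        "constructed-id-calculator": {"manifest_version": 2, "name": "Quick Calculator",
                                      "version": "1.0", "permissions": ["storage", "<all_urls>"]},
        "constructed-id-docs": {"manifest_version": 3, "name": "Docs Helper", "version": "2.1",
                                "host_permissions": ["https://docs.example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for item in audit_extensions(target):
        print(f"{item['name']} ({item['id']}): all-site access via {', '.join(item['broad'])}")
```

Pass the Extensions folder inside your profile directory (chrome://version shows the profile path) as the first argument. A flagged extension is not necessarily malicious, since many legitimate ones request the same access, but it is the place to start reviewing.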

Because this problem is so common, there are many step-by-step guides for getting rid of malicious extensions. Do some searching, or start with one of these:
