Cybercriminals are now targeting online users through the add-ons that pop up on their digital screens with experts warning that threats have risen over 59 percent in the first half of this year compared to the whole of 2021.
Nancy Bwire, 32, nearly fell prey to these increasingly crafty schemers. The mother of two clicked on an advert that popped up in her browser device. Nothing appeared suspicious about the advert, she said.
“I was using my phone as usual when I clicked on an ad. My personal details were tracked and a unanimous person began sending me messages. They required me to tell them my details, claiming I had ‘won’ an award for using their browser,” said Mrs Bwire.
But she became skeptical when they asked her to send her bank details. She later learned that it was a well-laid trap.
Experts are now warning online users to be cautious and avoid clicking on any add-ons that pop up on their devices. According to research by Kaspersky, a global cybersecurity and digital privacy company, over 14 000 online users in Kenya encountered browser extension threats in the first half of 2022.
This is where cybercriminals use the add-ons in the browser to track the users' credentials and to monitor the sites they visit most.
“In the first half of 2022, more than 14 000 users in Kenya were affected by threats, hiding in browser extensions, at least once, which is over 59 percent of the number of users affected by the same threat throughout the whole of 2021,” said Anton Ivanov, a senior security researcher.
By mimicking popular apps, such as Google Translator or extensions with useful functionality like PDF Converter or Video Downloader, threats in browser extensions can insert advertisements, collect data about users’ browsing histories and even search for login credentials, making it one of the most desirable tools for cybercriminals.
The most prominent threat spread under the guise of browser extensions has been adware which is unwanted software designed to throw advertisements up on the screen.
Such advertisements are usually based on the browsing history to catch users’ interest, embed banners in web pages or redirect them to affiliate pages that the developers can earn money from, instead of legitimate search engine adverts.
In 2020, Google removed 106 malicious browser extensions from its Chrome Web Store. All of them were being used to siphon sensitive user data, such as cookies and passwords, and even take screenshots.