The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at

Watch out for rogue browser extensions - BullGuard


Wish you could enhance your browser experience?


Now you can mould your browser to your needs. Add-ons, toolbars, explorer bars, shortcut menu extensions, browser helper objects – all these help you get a seamless browsing experience, so that you can access favourite pages more rapidly or certain browsing services with more ease. But when they give cybercrooks access to your computer or perform all sorts of malicious actions without your knowledge, they clearly pose a threat to your internet security and privacy.


Due to their increasing popularity, browser extensions have caught cybercrooks’ attention and provided them with yet another tool to breach your internet security: rogue or fake browser extensions.



They usually send these little malicious programs your way by:


  • hijacking “free” wireless connections and infecting browsers without your knowledge.
  • promoting them as browser enhancers under luring names, which promise certain benefits upon installation.
  • sharing malicious links that appear to lead to legitimate Facebook apps available for download.
  • bundling them up with other software you’re prone to install.
  • uploading them to official web stores, as it has been the case with Chrome Web Store.


As most web browsers “delegate” more advanced functionalities to browser extensions, internet security scams and breaches based on rogue browser extensions are quite persistent. And gullible web users actually fall for cybercrooks’ promises and install the fake add-ons, or may not even notice the ones already installed in their browsers.



What to expect from malicious extensions?


Now, you’ve seen how you can get rogue browser extensions. But how exactly can they affect your security and that of your PC? Depending on what purpose they are created to serve, these little malicious programs can:


  • piggyback on active browser sessions to perform unauthorized actions, even if the account owners change their passwords; in this case, rogue browser extensions can easily replace traditional phishing methods.
  • intercept your every “move” in the online world.
  • show advertisements on different websites (including non-profit websites that do not support ads) without the consent of the website owner - in other words, manipulate your browser to show certain ads, and consequently force ads upon you with the use of your browser.


In a recent malware attack, Facebook users in Brasil were tricked into downloading rogue extensions advertised as legitimate Facebook apps. They supposedly allowed users to: “Change the colour of [their] profile”, “Learn how to remove the virus from [their] Facebook profile”, or “Discover who visited [their] profile”. Once users agreed to install the fake app, they were redirected to the Google Chrome web store – which offered authenticity to the scam –, where they had to download a Flash Player. This, in fact, was a malicious extension that, once installed, granted cybercrooks full access to the victims’ Facebook accounts, and the possibility to further promote the trickery. How’s that for an internet security breach?


Another recent browser-based malware infection targeted Google Chrome users. An extension called “I want this” started to show illegitimate ads on websites visited by infected users, including Wikipedia. What gave away the rogue browser extension was precisely the presence of advertisements on the Wikipedia’s web pages – as a non-profit organisation, the free online encyclopaedia doesn’t allow advertising on its web pages.


These are just two examples of how malicious browser extensions can compromise your internet security and online privacy. Cybercrooks have proven very skilled at coming up with new ways to affect web users’ online presence. And we are all potential victims.



How to protect yourself against rogue browser extensions?


  • If you want to download a browser extension, carefully read the permissions requested by the developer and check out the reviews/rating from/by other users.
  • If you’re required to install a plug-in to watch a video on Facebook, for example, be careful! It may be part of an internet security scam. It’s best you search for the respective video on the web, independently from the website you’ve found it on, and/or install the plug-in only after verifying its source and authenticity.
  • If you spot commercial advertisements on non-profit websites like Wikipedia, then your browser is most likely infected with malware. Also, if you’re noticing more ads then usual on websites you go to on a regular basis, this might be a sign of browser infection. In this case, the first step to take would be to check your browser add-ons. If any of them looks suspicious, it’s best you disable it. If the problem still occurs, then run an antivirus program and scan your PC for malware.
  • Always keep your browser up-to-date, as well as all other programs on your PC. A Vulnerability Scanner like the one included in BullGuard Internet Security 12 spots out-dated software versions and recommends updates and patches.
  • Prevention never hurt anybody. So, in order to avoid malware infections of any kind, consider investing in an effective internet security program. BullGuard’s internet security suite comes with not only a proactive antivirus engine that spots even the newest forms of malware, but also a wide range of internet security features to keep you and your PC safe at all times.

Was this article helpful?