Malicious browser extensions can:

• Steal Sensitive Data: Some extensions request broad permissions, allowing them to access browsing history, login credentials, cookies, and even credit card information. Attackers can use this data to hijack accounts or steal identities.
• Install Malware or Spyware: Extensions can install malware that operates silently in the background, monitoring activity or exfiltrating data without your knowledge.
• Hijack Sessions: By stealing session cookies, extensions can allow attackers to impersonate users on websites like Facebook or university portals.
• Redirect Searches and Inject Ads: Some extensions manipulate search results, inject unauthorized ads, or redirect affiliate revenue to attackers, degrading your browsing experience.
• Persist on Devices: Advanced malicious extensions may disable browser security settings or reinstall themselves after removal, making them difficult to eradicate.
• Slow Down Your Computer: Poorly designed or malicious extensions can consume system resources, leading to slower performance and increased frustration.

Best Practices for Safe Extension Use:

• Install Only What You Need: Limit the number of extensions you use. The fewer you have, the lower your risk.
• Check Permissions: Review the permissions an extension requests before installing. Avoid extensions that ask for more access than necessary, such as <all_urls> or access to sensitive data.
• Verify Authenticity: Install extensions only from reputable sources and developers. Check user reviews and ratings for red flags.
• Keep Extensions Updated: Updates often include security patches. Ensure your extensions are up to date.
• Review Regularly: Periodically review your installed extensions and remove any you no longer use or do not recognize.
• Install CrowdStrike: The security team can detect malicious extensions if installed.
  Keep Your Browsers Up to Date: regularly close your browsers and allow updates and security patches to be applied.
• Be Cautious of Phishing: Developers and users alike should be wary of phishing emails that may target extension accounts or attempt to trick users into installing malicious plugins.

What Should I Do If I Suspect a Malicious Extension?

• Remove the suspicious extension immediately via your browser's extensions menu.
• Change passwords for any accounts you accessed while the extension was installed.
• Run a CrowdStrike security scan on your device.
• Contact your IT Pro if you believe sensitive university data may have been compromised.

For additional resources related to Browsers, see the University of Illinois knowledge base articles on:

• Browsers, Clearing Cache and Cookies
• How to Remove Suspicious Browser Extensions