September 1, 20235 minutes to read

I’ve developed a few browser extensions, and every week I receive numerous emails with “revenue offer”. Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer “integrations” that don’t look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.

Browser extensions may request a lot of permissions, which can be necessary to implement some features and to improve the user experience. However, having wide permissions can increase the attack surface for hackers. This is why browser extensions are a great target for hackers.

Browser extensions can access any content on a page, such as emails, private messages in social media, and bank account information. Extensions may also capture pressed keys and send passwords to hackers. The collected data may be sold or used by hackers to steal money, identities, or for blackmail.

In recent years, browser extensions have started inserting advertisements on web pages. Here’s how it works: a browser extension developer signs up on an ads platform and creates an account for some application. Then they inject ads on any web pages users visit and earn money from clicks. Sometimes even the ads platform doesn’t know how the developer is generating clicks.

These are not the only ways hackers can use malware in your browser. They can also click on links, open sites in the background for DDoS purposes, and more. The key point is that your browser will be shared with a hacker.

Let’s see how extensions can be hijacked in case the developer is not a hacker.

Extension developer may even not be a hacker, bu