If you use a web browser in your business, you're probably familiar with extensions. These useful tools can enhance your browsing experience in countless ways, from blocking annoying ads to reducing distractions.

Extensions are incredibly popular because they can add so much functionality to your browser. But just as you need to be careful when installing new apps on your phone, you must also be cautious when adding new extensions to your browser. That’s because they come with a risk of malware.

Malware, short for malicious software, is any software intentionally designed to cause damage to a computer, server, or network. Cyber criminals use malware to steal data, hijack systems, and even empty your bank accounts.

Browsers like Google Chrome, Microsoft Edge, Firefox, Brave, and Safari all support extensions and are widely used, making them prime targets for cyber criminals. While cyber attacks sometimes exploit vulnerabilities in the browsers themselves, there's an easier way to target users: through malicious extensions containing malware.

Although companies like Google and Mozilla keep a tight watch on their extension stores, the risk is still there. A recent report claims 280 million people installed a malware-infected extension on Chrome between July 2020 and February 2023. This highlights the importance of being vigilant, regardless of which browser you use.

Surprisingly, many malicious extensions remain available for download for long periods. On average, malware-filled extensions stayed up for 380 days, while those with vulnerable code were available for about 1,248 days. One particularly notorious extension was downloadable for eight and a half years before being removed.

So, how can you protect yourself and your business from these malicious extensions? Here are five steps we recommend:

1. External Reviews: Since checking ratings and reviews on extension stores isn't always reliable (many malicious extensions don't have reviews), look for external reviews from trusted tech sites to judge whether an extension is safe.
2. Permissions: Be cautious if an extension asks for more permissions than it should. If a new extension requests extensive access to your data or system, this could be a red flag.
3. Security Software: Use robust software to catch malware before it can do any harm. This is your last line of defense if you accidentally install a malicious extension.
4. Necessity: Before installing any new software or browser extensions, consider whether you really need it. Often, you can achieve the same functionality by visiting a website.
5. Trusted Sources: Only install extensions from trusted sources or well-known software providers. This significantly reduces the risk of downloading a harmful extension.

Browsers that support extensions will always be targets for cyber criminals. Security teams work hard to review every extension to ensure they are safe, but it’s still crucial to be vigilant.

If you’re unsure whether your extensions are safe or not, or you’d like more advice around keeping your business secure, our team can help. Get in touch.