Last week, the Nigerian Communications Commission identified 5 malicious chrome browser extensions.
According to the cybersecurity arm of the commission, the 5 malicious extensions which the McAfee Mobile Research Team earlier discovered are Netflix Party with 800,000 downloads, Netflix Party 2 with 300,000 downloads, Full Page Screenshot Capture Screenshotting with 200,000 downloads, FlipShope Price Tracker Extension with 80,000 downloads, and AutoBuy Flash Sales with 20,000 downloads.
Together, they have garnered over 1.4 million downloads.
Browser extensions are software that can customise web pages and perform functions such as blocking pop-up ads, preventing the autoplay of videos, web page designs and cookie management.
An alarming feature is that they can track every single online activity, including financial transactions. Once a malicious browser obtains access to a device, it can introduce adware, ransomware, and steal data.
According to NCC: “The users of these chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link.
Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops.”
Note that while android phones are not as susceptible to traditional computer viruses as PCs are, they can be infected with various types of malware. These extensions can steal data and card details.
As such, the NCC urges internet users to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing it.
Permission granted to apps should also be properly analysed. For instance, a ‘diary app’ should not be asking for access to a camera or microphone. That alone spells a red flag.
Google stated on its support page that it checks apps and devices for harmful behaviour.It runs a safety check on apps from the Google Play Store before you download them.
It checks your device for potentially harmful apps from other sources. These harmful apps are sometimes called malware.
Furthermore, research by a cybersecurity expert identified malicious apps on the play store with over 3 million downloads.
Why it matters:
In 2016 Kaspersky reported that mobile devices had become a new target for spam and malware attacks. This indicates that businesses are not the only targets of attacks but individuals also. The data protection company also listed Nigeria as one of the three most attacked countries on the continent.
The government is taking a greater interest in reviewing citizens’ cyber safety. In August, the Federal Competition and
Consumer Protection Commission (FCCPC) gave orders to put down apps supporting illegal loan sharks from Google Playstore and other platforms on which they were hosted.
The days ahead will see a greater crackdown on cybercriminals even as awareness of cybersecurity deepens in the country.