KARACHI: The National Telecom and Information Technology Security Board (NTISB) has warned users to avoid 16 browser extensions due to potential threats of hacking and data breaches.
The list included a number of AI and VPN extensions, both of which have seen a surge in their demand recently.
In its advisory, the NTISB said hackers were exploiting commonly used browser extensions “to steal personal information” from social media apps, banking apps and other websites.
Extensions are software users can install to their browsers — Google, Mozilla, Microsoft Edge — for adding functionality.
These are different from applications because, unlike apps, extensions are not installed on users’ devices and are limited to browsers only.
These extensions, which are mostly developed by third parties, offer a wide range of functions — taking notes, editing texts, downloading content, saving passwords, blocking ads, etc.
Like applications, these extensions need a broad range of permissions and access to sensitive information to function properly.
However, unlike apps, which are either subscription-based or perform a function that generates revenue for the developer, most of these extensions are free and hence carry bigger security risks.
Large-scale attack
The NTISB advisory listed 16 extensions “suspected to be compromised”. They included AI Assistant — ChatGPT and Gemini for Chrome, Bard AI Chat Extension, GPT 4 Summary with OpenAI, Search CoPilot AI Assistant for Chrome, Wayin AI, VPNCity, Internxt VPN, Vidniz Flex Video Recorder, VidHelper Video Downloader, Bookmark Favicon Changer, UVoice, Reader Mode, Parrot Talks, Primus, Trackker — Online Keylogger Tool, AI Shop Buddy, and Rewards Search Automation etc.
Last month, it was reported that a large-scale attack by hackers targeted 35 extensions — including the 16 listed by the NTISB — which exposed over 2.6 million users to data and credential theft.
One of the targeted extensions, Cyberhaven, disclosed that hackers managed to get access to the extension, allowing them to publish a malicious version on the Chrome Web Store.
The NTISB warned that hackers are exploiting these “legitimate extensions” by sending malicious code to steal users’ Personal Identification Information.
It recommended users avoid these extensions and use alternate options.
The advisory stated that users should only install trusted extensions and read permissions before granting them.
These extensions should be regularly updated, and unwanted extensions should be removed from the browser.
Free VPN extensions
Two of the extensions mentioned in the list — VPNCity and Internxt VPN — are Virtual Private Networks which allow users to bypass blocked content.
The use of VPNs has surged in Pakistan since last year, when users switched to proxies to access X, which has been banned since February 17, and to bypass local internet infrastructure to avoid widespread disruptions.
Simon Migliano, the head of Research at Top10VPN.com, a VPN review website, said a handful of free VPN apps and browser extensions are safe to use, but an overwhelming number of free proxies pose significant cybersecurity risks.
Research by Top10VPN in June 2024 showed that around 88 per cent of free VPNs and extensions leaked IP addresses, DNS data and user information.
“Free VPNs are often riddled with aggressive advertising or even malware,” Mr Migliano told Dawn, adding that many collect and monetise users’ personal data by selling it to third parties.
He said VPN developers have high operating costs and it is not possible for a trustworthy VPN service to not charge a subscription fee.
He advised users to research a VPN service before using it and read “as many reviews as possible”.
Published in Dawn, January 27th, 2025