How You Might Get Hacked By a Chrome Extension

Chrome extensions offer useful tools that enhance your browsing experience—except when they contain viruses that compromise your computer’s security. The ramifications of this can be quite serious. Think for a moment about all the sensitive information that’s stored in your browser. Passwords, access to your online workspace/social media accounts, and credit card credentials are at stake.

Even an innocuous-looking Chrome theme may contain malware (it’s happened to us!). The Chrome web store’s security isn’t as trustworthy as you might expect; it has pretty weak regulation. As an avid Internet user, you need to be prepared against the security breaches resulting from downloading extensions. Let’s get into how you can tell if an extension has hacked you and how you can prevent it from happening again:

Watch for the Warning Signs

Is your browser acting a little…off? Don’t just ignore it—the extension that you installed recently may be to blame. Pay attention to these behaviors, which might indicate that your Google Chrome has been hacked:

●The default search engine is different.

Searching for answers on Google is almost automatic to most of us. We fire up Chrome, type in our query, and wait for the list of results to load.

Pay attention to what your browser URL does when you search for something. Does it redirect you to any strange websites? Even if it reroutes you to Google eventually, this is still cause for concern. An extension may have hijacked your browser and is trying to bring traffic to another search engine.

The point here is that if Chrome takes you anywhere other than Google (and you haven’t set it to do so), you have reason to suspect that you’ve been hacked.

●Your social media accounts are liking strange posts.

The next time you open your Facebook or YouTube feed, you may notice something strange in your history. Your account may have liked spam or click-bait posts or subscribed to several new channels.

Any activity on your social media that you haven’t authorized means that someone else is accessing your account.

●You keep seeing strange ads.

Are the ads that you see starting to look a bit inappropriate? You haven’t visited any sketchy websites, but you keep getting ads that are risqué and downright malicious. This could mean that an extension has hijacked your ads.

If you notice any of these signs when you use Chrome, then your browser may have been hacked by an extension.

What Can You Do if You Get Hacked?

You’ve determined that your browser isn’t behaving as usual. The question is, how do you regain control of it and identify the issue?

●Scan for security breaches.

This website allows you to enter your email address and see if it’s been leaked in any data breaches. It will even tell you the source of the data breach. This is a useful way to identify risks.

Take it one step further by scheduling a Dark Web and External Security Scan. This detects whether your information is available on the Dark Web or if you have unsecured access points on your computer.

These scans and data-breach checks go a long way in protecting your computer against viruses.

●Change all your passwords.

We all know how annoying it can be to change your password. Get ready to enter in the wrong one for the next few weeks while trying to break the habit. But beefing up your password with extra security (like special characters, capitalization, and avoiding the most common passwords) is an effective measure to prevent security issues.

The longer your password is, the better. Amp up your protection with security questions that only you could answer.

●Delete the extension!

This should be your top priority. You need to identify which extension is causing the problem and delete it right away. Sometimes, it’s obvious—like when you downloaded an extension the day before, and you’ve already noticed strange things about your browser. But what if you got 10 new extensions in one day, and you can’t find the culprit?

Try to use a process of elimination to determine which extension is causing the problem. One by one, delete your extensions until the problem is resolved. Once you’ve found the malicious extension, you can reinstall the ones you discovered were not the problem. Alternatively, you can use a malware scanner like this one to identify the virus.

After you delete the extension, you’re left wondering: how can I avoid dangerous extensions in the future?

How to Protect Your Browser against Hacked Chrome Extensions

The solution here isn’t just to never download extensions—they add useful functionality to your web browser. What you need to do is be more skeptical of the extensions that you download.

Luckily, there are a few tools that can help you separate the safe extensions from the malware-ridden ones:

●View the source code of the extension.

This step is best for those with some knowledge of JavaScript, but even if you’re a beginner, it can help you in a pinch.

When you install this extension, you’ll be able to view the source code of other extensions with the click of a button.

When you read the extension’s code, you might be able to spot anything that’s out of place. Is it running several scripts? Does it contain any installation files? Are there any phrases that seem unusual to you?

It’s tough to spot a suspicious extension by the source code alone if you don’t have JavaScript experience. But for the tech-savvy readers out there, consider downloading this handy tool.

●Be skeptical of what permissions you allow.

Whenever you download an extension, you’ll need to grant it permission to access your information. It may also request the ability to perform certain tasks in your browser. Be careful about what you allow the extension to access.

Also, make sure that those permissions line up with what the extension is designed to do. An extension that changes your Chrome home screen shouldn’t need access to change data on websites you use.

If you feel uncomfortable granting permissions to the extension, it might be best to delete it altogether.

●Install Password Checkup.

You might be asking yourself: should I really install an extension to prevent hacked extensions? It might sound fishy, but Google itself offers this tool called Password Checkup. It compares the login credentials you use to any username or password leaked in a data breach. If it finds a match, it will suggest you change it. After all, you don’t want to use a password that’s easy for hackers to guess!

It’s a bit surprising how many hacked extensions are available on the Google Chrome Web Store. This is Google we’re talking about, after all. However, it doesn’t look like the company plans to implement any additional verification for extensions soon—that puts the burden on users to identify risky downloads.

Now that many of us are working from home, we’re more reliant on technology than ever. You can find a range of useful tools on the Chrome Web Store that enhance your browsing experience and help you save time on tedious tasks. However, just because an extension is available for download doesn’t mean that it’s safe.

Many of us know better than to download random files from the Internet. But not everyone is aware that extensions in the Chrome Web Store can be just as dangerous. We hope that this guide helps you stay safe from these viruses.