Forced browser extensions — extensions that force us into installing them on browsers by not giving users a choice to say "no" — are always annoying for, be it on PCs or smartphones. But there are some really obstinate browser extensions which don't allow users to remove them.
One such extension — a new one — has been found to not only spy on your browsing behaviour but also hijack your browser.
Researchers from Malwarebytes discovered this malware-based extension called "Tiempo en colombia en vivo." It's found that this malware mostly affects Google Chrome and Mozilla Firefox browsers.
According to the researchers, any attempt at removing the extensions results in the browsers being blocked. However, the researchers have not provided more details on what this malware-based extension is capable of.
According to Digital Trends, the extension can hijack a browser to push technical support scams. It is also capable of hijacking all web searches. Researchers also claim it can spy on your web behaviour.
Malwarebytes Labs reports says: "In Firefox, this problem is relatively easy to circumvent, but for Chrome it takes a lot of digging—so much so that we suggest the fastest way to resolve the problem is to report it to Chrome or your favorite security solution so they (we) can take care of it."
How it works
The report says the extension installation is forced. If a user attempts to cancel the installation, then a pop-up will come up asking to add an extension for exiting the page, which is actually a trick to fool the user.
If a user is smart enough and chooses to cancel the pop-up, another pop-up will come up saying "Prevent this page from creating additional dialogue." Once the user hits the "OK" button, immediately the browser goes full screen by disclosing the extension name.
"The clean method to disable extensions from redirecting your Chrome tabs is to start Chrome with disabled extensions. You can do this by adding the switch '–disable-extensions' to the command to run Chrome," says the Malwarebytes Labs report.
On the Firefox version of the extension, users see a web-based advertisement which pretends to be an official Firefox manual update. The advertisement is made in such a way that it looks genuine so that users install the malicious extension. Adding the extension will block access to "about: addon" by closing the page.
"Firefox' safe mode is most helpful, as you can see all the installed extensions while they are not active. Doing so allows you to manually remove the extension (and any others you might not want) in the same way you normally would. Click the 'Remove' button in the extensions description field, and you're done," says Malwarebytes Labs report.
Researchers suggest that the best way to avoid this malicious extension is to stay vigilant as you surf and use an adblocker on the browser, which could help in blocking unwanted extensions.