
Push Security Introduces Malicious Browser Extension Detection to Safeguard Employee Browsers

Push Security Enhances Browser Protection with Innovative Malicious Extension Detection

Push Security, a notable player in the realm of digital security, has rolled out new features designed to detect and block malicious browser extensions through its innovative browser-based security platform. This enhancement is a critical addition for organizations seeking to shield their employees from evolving online threats. With this new capability, companies can now automatically prevent known harmful extensions from being utilized within employee browsers, thereby creating a more secure online environment.

The surge in attacks employing malicious browser extensions has become a concerning trend for cybersecurity professionals. Recent campaigns, including those named ShadyPanda, ZoomStealer, and GhostPoster, highlight the pressing dangers associated with compromised browser extensions. These campaigns have not only targeted individual users but have also resulted in breaches affecting well-known vendors like Cyberhaven and Trust Wallet, underscoring the growing complexity and risk posed by such threats.

Jacques Louw, the Chief Product Officer at Push Security, emphasized that browser extensions are an often overlooked yet potent attack vector. “Browser extensions represent one of the most under-monitored attack vectors in modern enterprises,” he stated. Because organizations run a mix of operating systems and browsers, getting a comprehensive view of what is actively running in those environments remains challenging, which in turn makes it harder to identify malicious activity stemming from extensions.

The significance of this issue cannot be overstated. An increasing number of applications are accompanied by browser extensions, with the Chrome Web Store alone featuring over 100,000 different extensions. This vast repository highlights an expanding attack surface that organizations may not fully grasp. These extensions range from essential productivity tools to advanced AI overlays, screen recorders, and design applications, making them ubiquitous in both personal and professional settings.

Louw elaborated on a worrying trend in the development of malicious extensions: “Compounding the issue, most malicious extensions do not begin as malicious.” He explained how attackers often create initially harmless extensions, only to later issue harmful updates, or even take control of existing extensions with considerable user bases. This can be accomplished not only through hacking the original developers but also through legitimate acquisition of the extensions. Once a malicious update is published, any browser running the extension risks being compromised during its next update cycle.

Given the integral role that extensions play in online productivity, simply blocking their use is not a viable solution for most organizations. Louw emphasized the necessity for security teams to have visibility into extension usage and the ability to enforce security policies without disrupting employee productivity.

While extension code is scrutinized during the upload and approval processes, the methods employed by attackers can often circumvent these checks. Techniques such as obfuscation and dynamic code compilation make it increasingly difficult for detection systems to identify malicious extensions. Typically, extensions are flagged only after malicious activity is detected, and even then, the damage may already be done. Inactive extensions also remain in users' browsers even after removal from the stores, which reinforces the need for organizations to adopt detection and blocking measures that are independent of commercial web stores.

The new functionality introduced by Push Security empowers organizations by allowing them to automatically block known malicious extensions, leveraging a continuously updated intelligence database that catalogues reported harmful extensions. Administrators can manage these security measures through a user-friendly console, either monitoring or outright blocking specific extensions. The moment a malicious extension is identified within the system, the platform generates alerts classified by severity and can instantly disable the extension in question.

In addition to blocking harmful extensions, Push Security’s platform offers real-time visibility into all installed extensions within an organization’s ecosystem. This includes critical metadata such as publisher histories, permissions, deployment methods, and update activities. This level of insight equips security teams to efficiently manage extensions across varied browsers and operating systems. Moreover, it allows for the identification of potentially risky extensions, the implementation of allowlists or blocklists, and the monitoring of suspicious modifications, such as shifts in ownership or permission levels.
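One way a security team could check for the changes described above (new permissions, a change of publisher, a blocklist hit) by comparing two inventory snapshots. This is an added example, not Push Security's implementation; the record layout, the high-risk permission list, and the extension IDs are assumptions constructed for illustration.

```python
# Added example. Record layout, risk list and extension IDs are constructed assumptions.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HIGH_RISK_APIS = {"cookies", "webRequest", "scripting", "debugger", "nativeMessaging"}

def effective_permissions(manifest):
    """API permissions plus every host pattern the extension can reach (MV2 and MV3 keys)."""
    sources = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        sources += script.get("matches", [])  # content scripts grant host access too
    return {p for p in sources if isinstance(p, str)}  # skip non-string legacy entries

def review_update(old, new, blocklist):
    """Compare two snapshots of one extension; return (severity, reason) findings."""
    findings = []
    if new["id"] in blocklist:
        findings.append(("high", "on blocklist"))
    if old["publisher"] != new["publisher"]:
        findings.append(("medium", f"publisher changed: {old['publisher']} -> {new['publisher']}"))
    added = effective_permissions(new["manifest"]) - effective_permissions(old["manifest"])
    risky = sorted(p for p in added if p in BROAD_HOSTS or p in HIGH_RISK_APIS)
    benign = sorted(added - set(risky))
    if risky:
        findings.append(("high", "added high-risk access: " + ", ".join(risky)))
    if benign:
        findings.append(("low", "added access: " + ", ".join(benign)))
    return findings

def review_inventory(previous, current, blocklist):
    """Map extension id -> findings for every extension whose snapshot raises one."""
    report = {}
    for ext_id, new in current.items():
        old = previous.get(ext_id, new)  # first sighting: only the blocklist check can fire
        findings = review_update(old, new, blocklist)
        if findings:
            report[ext_id] = findings
    return report

# Constructed sample inventory: one extension changes hands and widens its access in an
# update, one is unchanged, one is still installed although it is on the blocklist.
TAB_TOOL, PDF_TOOL, OLD_GAME = "a" * 32, "b" * 32, "c" * 32
PREVIOUS = {
    TAB_TOOL: {"id": TAB_TOOL, "publisher": "Example Dev", "manifest": {"permissions": ["storage", "tabs"]}},
    PDF_TOOL: {"id": PDF_TOOL, "publisher": "Example PDF", "manifest": {"permissions": ["storage"]}},
}
CURRENT = {
    TAB_TOOL: {"id": TAB_TOOL, "publisher": "Example Holdings", "manifest": {
        "permissions": ["storage", "tabs", "cookies"], "content_scripts": [{"matches": ["<all_urls>"]}]}},
    PDF_TOOL: PREVIOUS[PDF_TOOL],
    OLD_GAME: {"id": OLD_GAME, "publisher": "Example Games", "manifest": {"permissions": []}},
}
BLOCKLIST = {OLD_GAME}
```

Calling `review_inventory(PREVIOUS, CURRENT, BLOCKLIST)` flags the extension that changed publisher and gained cookie and all-site access in the same update, and the blocklisted extension that is still installed, while the unchanged one produces no finding.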

The launch of these new features expands the capabilities of Push Security’s browser-based platform, which already provides robust protection against various cyber threats, including adversary-in-the-middle (AiTM) phishing attacks, credential stuffing, session hijacking, and other browser-level assault tactics. As cyber threats continue to evolve, such innovations are crucial for organizations aiming to safeguard their digital environments from sophisticated attacks.
