Browsers Security

4 Malicious Browser Extensions That Help Hackers Target Their Victims

Dan Price 13-07-2015

You might think that browser extensions are all about helping you, the end-user. You’d be wrong.


Although certain extensions such as bookmarking tools 10 Ingenious Bookmarklets To Make You a Google Power User If you love all that Google has to offer, but are not particularly fond of the browser extensions available, here are 10 great bookmarklets for Google that range from search options to very specific tasks. Read More , ad blockers, and translation add-ons Forget Google Translate: 3 Ways to Get an Accurate, Quick Translation Whether you're planning to apply for a job or an apartment abroad, or are looking to translate your web page, you need to get things right even with a foreign language. Read More undoubtedly provide a litany of benefits to the user, many seemingly innocent extensions have a much darker side – with the recent scandal around Hola VPN Hola is Basically a Botnet, Congress Redirected to Nude Photos, & More... [Tech News Digest] Also: Google offers unlimited photo storage, how you can pretend to be a destructive cat, and YouTube celebrates its 10th anniversary. Read More being a case in point.

Whether these are extensions that exploit vulnerabilities in other apps and websites, or simply supply a stream of information to the would-be hackers on their own, there is no question that you need to be increasingly vigilant about what you add to your browser.

How Widespread is the Problem?

Research late last year analysed more than 48,000 extensions in the Chrome store. Their results established that more than 4,700 were “suspicious”, and 130 were “malicious”. Although it went unnamed, the researchers claimed that one of those 130 had more than 5.5 million users.

At the time, Tyler Reguly, a security researcher and member of Tripwire’s Vulnerability and Exposure Research Team said, “Google Chrome plugins are, in many ways, like Android applications. They require excessive permissions without giving the end user any real understanding of what they are doing. In both cases, Google Chrome and Android, the issue lies with Google”.

Here are just a small sample of the browser extensions that can help hackers target their victims:


Marauders Map

Marauders Map [sic] falls into the prior of the two aforementioned categories, in that it exploits the legitimate Facebook Messenger app to plot your friends’ locations on a map.

Of course, we all already knew that Facebook shares our location Are You Sharing Your Location On Facebook Without Knowing? [Weekly Facebook Tips] Have you been giving your stalkers your address inadvertently? You might accidentally be giving all of your Facebook friends the exact location of your house, your office and where your kids go to school. Read More with friends, but you probably didn’t know how accurate the data is or how easy it is to extract and use. The extension was developed by a student in the US, so we’re not talking about highly complex code and algorithms – it’s something that anyone with a good level of coding ability, an inquisitive mind, and plenty of free time could have stumbled upon.

Reports suggest data can be extracted from as far back as 2013, though it will only work for friends who have location sharing enabled on their Facebook messages (the option is enabled by default on both Android and iOS).

If you’re the type of person who heavily moderates their Facebook friend list this is probably not something to be unduly concerned about, but if you habitually accept invites and have thousands of friends, some of whom you barely know, then you should consider your next steps carefully.


Using this app, it’s entirely possible that a hacker will be able to know (or ascertain based on past behavior) when you’re not at home, see what shops you frequent, and know who you spend most time with. This is clearly information that you should be keeping as private as possible for your own safety and security.

Hover Zoom

Hover Zoom falls into the second category mentioned at the start. It is directly monitoring your online behavior How to Protect Yourself From Unethical or Illegal Spying Think that someone is spying on you? Here's how to find out if spyware is on your PC or mobile device, and how to remove it. Read More .

The principle behind the extension is both simple and appealing – it lets you browse image galleries on several popular websites (such as Reddit, Amazon, Pinterest, eBay, Facebook, etc) by hovering your mouse over the image and without clicking on the thumbnail itself.

Since its launch it has gone on to amass more than 1.1 million users.


What many of those users might not be aware of is that the extension is actively monitoring the online habits of the vast majority of them.

But how did this happen, and how are they allowed to get away with it?

Hover Zoom started life as an honest and independent extension that did exactly what it said it would and no more. However, as its popularity increased, so did its attractiveness to adware and malware companies.

It was bought out by one such company, and now has a long history of “bad behaviour” going back quite some time – the developers have been caught collecting online form data and selling your keystrokes in recent years.


They can get away with it because they disclose it on their description page. It says, “Hover Zoom requires that extension users grant Hover Zoom permission to collect browsing activity to be used internally and shared with third parties all for use on an anonymous and aggregated basis for research purposes“. In practice that means they track single webpage you visit and get paid for that data, while simultaneously placing adverts all over the sites you visit most regularly.

To sum up, more than one million people are being spied on by this extension alone.

BBC News Reader and Autocopy

The problem of extensions being sold and turned into trackers is not limited to Google Chrome.

The (unofficial) BBC News Reader on Firefox has also been discovered to be a guilty party, along with Autocopy – a tool which automatically copies selected text to the clipboard.

This provides users with an important lesson about third party extensions How Safe Is The Chrome Web Store Anyway? A Google-funded study has found that tens of millions of Chrome users have add-ons harboring malware installed, representing 5% of total Google traffic. Are you one of these people, and what should you do? Read More , apps, and websites. While the official apps of some services come in for (often legitimate) criticism for their approach to privacy and security, in reality they are at the mercy of their user base – a big enough outcry will force them to address concerns and amend their policies. Third party apps and extensions are normally not constrained by such consumer pressures – they can keep tracking you and selling your data, often without you even realising.

Use them at your peril.

Hola Unblocker

No list of malicious extensions would be complete without Hola Hola Unblocker - Easily Access Region-Blocked Content Access sites like Hulu, CBS, iTV and Pandora regardless of which country you're in. Even better, there's no need to change your DNS settings or set up a VPN. Hola Unblocker is an Android app,... Read More . Described by researchers as an “ideal platform for executing targeted cyberattacks“, the once much-loved free VPN service is now at the top of the list of “extensions to avoid”.

With 46 million users around the world, it is comfortably the biggest malicious extension in the Chrome Store.

The problem came to light after a forum owner who alleged that users of Hola had been unknowingly powering a botnet to conduct multiple attacks on his website. The developers then admitted that bandwidth from users of the free version of the extension was being sold to cover operational costs.

In practice, this meant that each user became an end point for the network, each of which could be exploited by hackers and attackers.

Hola’s founder defended his company as innovators, saying “We innovated quickly, but it looks like Steve Jobs was right. We made some mistakes, and now we’re going to fix them, fast” – but that will be of little consolation to compromised users.

How Do You Know if Your Extensions Are Malicious?

The most effective way of determining whether an extension is malicious is by using Shield For Chrome [No Longer Available] which, ironically, is another extension!

Once installed, it will automatically scan all the extensions in your browser and let you know if any of them are on its blacklist. You can then delete any offenders.

It also has some additional useful features; for example, it will show you the permissions that each extension currently has, monitor future installations and website behavior for any malicious activity, and soon it will have the ability to notify you if the ownership of the extension changes or if the extensions starts to behave oddly.

You could also check out Extension Defender [No Longer Available]. It does a similar job to that of Shield For Chrome, but based on user comments it appears to flag less false positives.

Have You Been Caught Out?

Have you been burned by a malicious extension? What type of browser user are you – do you have hundreds of extensions you rarely use or do you keep your machine lean and mean?

Perhaps you know about a malicious extension that we missed?

Whatever you situation we’d love to hear from you. Let us know your thoughts, feedback, and opinions in the comments below.

Related topics: Browser Extensions, Online Privacy, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. ab
    September 3, 2016 at 7:11 am

    Nice job including a link to another MUO article on Hola with no edits warning users about it's maliciousness.

  2. Anonymous
    July 14, 2015 at 4:24 pm

    There is a share meeting after lunch every Thursday in our company.
    In this meeting, some coworker will share their story, experiences they got in their work with us.

    Last week, I shared some useful Mac tools and Chrome Extensions. I got a lot of good feedbacks from my coworkers.

    Here is the list of the most useful and frequently used Chrome Extensions:

    1. [QR Code Maker]( - Generate a QR Code of the website you are visiting. Then you can use your mobile to scan it and visit it on your phone. No need to type.

    2. [Draft]( - A new tab is just like a draft. Open a tab and write. It will save for you.

    3. [Clearly] [Broken Link Removed] - Product of Evernote. It helps sync the article reading to your Evernote account.

    4. [One Tab]( - You opened too many tabs? No worries, it helps you save them in one tab.

    5. [Better History] [Broken Link Removed] - It has a much better UI than default Chrome browser.

    6. [Bookmark Manager]([No Longer Available]) - It has a much better UI than default Chrome browser.

    7. [QR Reader Beta] [Broken Link Removed] - You want to scan a QR Code on PC? This is exactly what it does.

    8. [Send to kindle]( - Sync articles to your Kindle device.

    9. [[For Developer] Postman] [Broken Link Removed] - It is a very useful tool to test APIs. You can immitate POST & GET.

    10. [[For Developer] JSON View]( - It will help you display a JSON in a readable way.

    • whyjxz14
      January 25, 2016 at 2:43 pm

      WOW these are great !!!! Thanks

      • Anonymous
        January 26, 2016 at 2:05 am


  3. Anonymous
    July 14, 2015 at 9:06 am

    Thanks for this article. just installed Extension Defender.
    I find MakeUseOf a constant source of good information and just want to seize the opportunity to say "Thank you"

    • Dan Price
      July 14, 2015 at 4:31 pm

      Thanks Algarve. Really appreciate that :)

  4. Anonymous
    July 13, 2015 at 4:57 pm

    "if you habitually accept invites and have thousands of friends, some of whom you barely know"

    Would anybody that does this actually read anything on this web site?

    • Anonymous
      July 14, 2015 at 1:00 am

      I imagine they would, and people can and do change their behavior, while I'll admit that most don't. Good comment though.