KARACHI: The National Telecom and Information Technology Security Board (NTISB) has issued an alert advising users to steer clear of 16 specific browser extensions due to their potential involvement in hacking and data breaches.
The advisory highlighted that hackers are exploiting these extensions to steal sensitive personal information, including data from social media platforms, banking apps, and other websites. Browser extensions, which add extra functionality to platforms like Google Chrome, Mozilla Firefox, and Microsoft Edge, are becoming a target for cybercriminals.
Unlike traditional applications, browser extensions are limited to the browser environment and are not installed directly on users' devices. These tools, often developed by third parties, offer features such as note-taking, ad-blocking, and video downloading. However, they typically require extensive permissions and access to sensitive data to function properly.
The NTISB listed the 16 compromised extensions, which include popular AI and VPN tools such as:
AI Assistant — ChatGPT and Gemini for Chrome
Bard AI Chat Extension
GPT 4 Summary with OpenAI
Search CoPilot AI Assistant for Chrome
Wayin AI
VPNCity
Internxt VPN
Vidniz Flex Video Recorder
VidHelper Video Downloader
Bookmark Favicon Changer
UVoice
Reader Mode
Parrot Talks
Primus
Trackker — Online Keylogger Tool
AI Shop Buddy
Rewards Search Automation
Reports last month revealed that over 2.6 million users were exposed to data and credential theft during a large-scale cyberattack targeting 35 browser extensions, including the ones flagged by the NTISB. Hackers infiltrated some legitimate extensions, such as Cyberhaven, and uploaded malicious versions to the Chrome Web Store.
The NTISB advised users to uninstall these extensions and consider safer alternatives. It urged people to thoroughly read permissions before installing extensions, regularly update them, and remove any that are unnecessary.
Among the flagged extensions were VPNCity and Internxt VPN, both of which are virtual private network tools designed to bypass restricted content. The popularity of VPNs has surged in Pakistan, particularly after the ban on accessing X (formerly Twitter) and other restrictions on internet usage.
Simon Migliano, head of research at Top10VPN.com, stated that while a few free VPN tools are secure, the majority pose serious cybersecurity risks. A 2024 study by Top10VPN revealed that 88% of free VPNs and browser extensions leaked sensitive user data, such as IP addresses and DNS information.
“Free VPNs often come with aggressive advertisements or malware,” Migliano said, explaining that many monetize personal data by selling it to third parties. He emphasized that trustworthy VPN services typically charge subscription fees to cover their operational costs.
