KARACHI: The Natio­nal Telecom and Infor­mation Technology Secur­ity Board (NTISB) has warned users to avoid 16 browser extensions due to potential threats of hacking and data breaches.

The list included a number of AI and VPN extensions, both of which have seen a surge in their demand recently.

In its advisory, the NTISB said hackers were exploiting commonly used browser extensions “to steal personal information” from social media apps, banking apps and other websites.

Extensions are software users can install to their browsers — Google, Mozilla, Microsoft Edge — for adding functionality.

These are different from applications beca­use, unlike apps, extensions are not installed on users’ devices and are limited to browsers only.

These extensions, which are mostly developed by third parties, offer a wide range of functions — taking notes, editing texts, downloading content, saving passwords, blocking ads, etc.

Like applications, these extensions need a broad range of permissions and access to sensitive information to function properly.

However, unlike apps, which are either subscription-based or perform a function that generates revenue for the developer, most of these extensions are free and hence carry bigger security risks.

Large-scale attack

The NTISB advisory listed 16 extensions “suspected to be compromised. They included AI Assistant — ChatGPT and Gemini for Chrome, Bard AI Chat Extension, GPT 4 Sum­mary with OpenAI, Search CoPilot AI Assistant for Chrome, Wayin AI, VPNCity, Internxt VPN, Vidniz Flex Video Rec­order, VidHelper Video Downloader, Bookmark Favicon Changer, UVoice, Reader Mode, Parrot Talks, Primus, Trackker — Online Keylogger Tool, AI Shop Buddy, and Rewards Search Automation etc.

Last month, it was reported that a large-scale attack by hackers targeted 35 extensions — including the 16 listed by the NTISB — which exposed over 2.6 million users to data and credential theft.

One of the targetted extensions, Cyberhaven, disclosed that hackers managed to get access to the extension, allowing them to publish a malicious version on Chrome Web Store.

The NTISB warned that hackers are exploiting these “legitimate extensions” by sending malicious code to further users’ Personal Identification Information.

It recommended users avoid these extensions and use alternate options.

The advisory stated that users should only install trusted extensions and read permissions before granting them.

These extensions should be regularly updated, and unwanted extensions should be removed from the browser.

Free VPN extensions

Two of the extensions mentioned in the list — VPNCity and Internxt VPN — are Virtual Private Networks which allow users to bypass blocked content.

The use of VPNs has surged in Pakistan since last year, when users switched to proxies to access X, which has been banned since February 17 and bypass local internet infrastructure during widespread to avoid disruptions.

Simon Migliano, the head of Research at Top10VPN.com, a VPN review website, said a handful of free VPN apps and browser extensions are safe to use, but an overwhelming number of free proxies pose significant cybersecurity risks.

Research by Top10VPN in June 2024 showed that around 88 per cent of free VPNs and extensions leaked IP addresses, DNS data and user information.

“Free VPNs are often riddled with aggressive advertising or even malware,” Mr Migliano told Dawn, adding that many collect and monetise users’ personal data by selling it to third parties.

He said VPN developers have high operating costs and it is not possible for a trustworthy VPN service to not charge a subscription fee.

He advised users to research a VPN service before using it and read “as many reviews as possible”.

Published in Dawn, January 27th, 2025

Opinion

From hard to harder

From hard to harder

Instead of ‘hard state’ turning even harder, citizens deserve a state that goes soft on them in delivering democratic and development aspirations.

Editorial

Canal unrest
Updated 03 Apr, 2025

Canal unrest

With rising water scarcity in Indus system, it is crucial to move towards a consensus-driven policymaking process.
Iran-US tension
03 Apr, 2025

Iran-US tension

THE Trump administration’s threats aimed at Iran do not bode well for global peace, and unless Washington changes...
Flights to history
03 Apr, 2025

Flights to history

MOHENJODARO could have been the forgotten gold we desperately need. Instead, this 5,000-year-old well of antiquity ...
Eid amidst crises
Updated 31 Mar, 2025

Eid amidst crises

Until the Muslim world takes practical steps to end these atrocities, these besieged populations will see no joy.
Women’s rights
Updated 01 Apr, 2025

Women’s rights

Such judgements, and others directly impacting women’s rights should be given more airtime in media.
Not helping
Updated 02 Apr, 2025

Not helping

If it's committed to peace in Balochistan, the state must draw a line between militancy and legitimate protest.