In recent weeks, Gigastrand has seen 2 instances of browser extension malware installed by unwitting users on Safari in Mac OS and Chrome in Gigastrand OS v3.
This discovery makes a change in operating system ineffective when it comes to security. Malware seems to be targeting Internet browsers with the OS being a secondary consideration.
However, this is easily mitigated if users pay attention. These extensions generally require user permission to install – a fairly standard security precaution in browsers. Once installed, they can be easily removed from a browser by removing them in the extensions or plugins page for the browser. In extreme cases, the browser can be uninstalled and reinstalled.
One word of caution, browsers like Chrome will re-install an extension upon login. There is a narrow window of time between login and when the extension is reinstalled to be on the extension page.
A few pieces of advice to prevent this from happening.
- Don’t install plugins or browser extensions from outside sources.
- Read the prompts that popup on a website. Do not agree to install anything unless you know what it is.
- Watch the prompts for software carefully. Do not install programs that install 3rd party software as well.
Paying attention to what your computer tells you can prevent a lot of this from happening no matter what OS you use.
User installed malware found on non-Windows machines.