The National Telecom and Information Technology Security Board (NTISB) in Pakistan has issued a critical warning to internet users, advising them to avoid 16 browser extensions due to potential hacking and data breach risks. These extensions include a mix of AI tools and VPN services, both of which have seen rising demand in recent months, reads a DAWN report.
In its advisory, the NTISB cautioned that hackers are exploiting popular browser extensions to steal personal information from users' social media accounts, banking platforms, and other online services. Browser extensions, designed to add functionality to platforms like Google Chrome, Mozilla Firefox, and Microsoft Edge, require significant access to user data, making them a potential vulnerability. Unlike standalone applications, extensions operate within browsers and are often free, making them attractive yet risky options for users.
The NTISB identified 16 potentially compromised extensions, including well-known tools like AI Assistant — ChatGPT and Gemini, Bard AI Chat Extension, VPNCity, Internxt VPN, and Tracker — Online Keylogger Tool. Last month, reports surfaced of a large-scale cyberattack targeting 35 extensions, including these 16, exposing over 2.6 million users to data theft. Cyberhaven, one of the targeted extensions, disclosed that hackers had uploaded a malicious version to the Chrome Web Store, enabling the theft of users’ sensitive data.
The NTISB emphasized the need for caution, recommending that users avoid the flagged extensions, choose trusted alternatives, and carefully review permissions before installing any extension. Regular updates and the removal of unused extensions were also advised to enhance browser security.
The advisory spotlighted free VPN services, including VPNCity and Internxt VPN, which have gained popularity in Pakistan for bypassing content restrictions. Simon Migliano, head of research at Top10VPN.com, highlighted the risks of free VPNs, noting that 88% leak IP addresses and DNS data.
Simon Migliano warned that many free VPNs are riddled with malware or aggressive advertising and monetize user data by selling it to third parties. Migliano stressed the importance of using reputable, subscription-based VPN services to ensure user security.
Bd-pratidin English/ Jisan
