Cybersecurity Advisory Issued for Pakistani Users of Browser Extensions
The National Telecom and Information Technology Security Board (NTITSB) has issued a critical cybersecurity advisory regarding a surge in hacking attempts targeting Pakistanis through compromised browser extensions. Popular tools such as ChatGPT-4, Gemini for Chrome, and a dozen other extensions have been used by hackers to steal private data, particularly focusing on users of virtual private networks (VPNs) and artificial intelligence-based extensions.
The advisory reveals that hackers are using phishing techniques to inject malicious code into legitimate browser extensions. These malicious codes are designed to compromise users’ personal identifiable information (PII). At least 16 widely used extensions have been flagged as potentially compromised, including:
Read More: Hackers Disabled Islamabad Safe City Systm and Stole Data
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search CoPilot AI Assistant for Chrome
- Wayin AI
- VPNCity
- Internet VPN
- Vidniz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- UVoice
- Reader Mode
- Parrot Talks
- Primus
- Trackker – Online Keylogger Tool
- AI Shop Buddy
- Rewards Search Automation
Recommended Precautions:
To safeguard against these threats, the NTITSB advises the following precautions:
- Avoid using the flagged extensions for the time being and opt for well-reputed alternatives.
- Only install extensions from trusted sources.
- Review and limit permissions requested by extensions whenever possible.
- Regularly update all installed extensions to patch any vulnerabilities.
- Remove unused or unnecessary extensions.
- Use licensed antivirus software from reputable providers.
- Be cautious when using free extensions, as they may pose greater risks.
- Continuously monitor system utilities and data usage for any abnormal or suspicious activity.
Users are urged to stay vigilant and take proactive measures to protect their personal information while browsing the web.
