The National Telecom and Information Technology Security Board (NTISB) has issued a warning to users about 16 browser extensions, citing potential risks of hacking and data breaches. These extensions, including AI and VPN tools, have gained popularity but may be exploited by hackers to steal sensitive information.
According to the NTISB advisory, cybercriminals are using these widely adopted browser add-ons to target personal data from social media, banking apps, and other websites. Extensions, unlike applications installed on devices, operate exclusively within browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge, offering various functionalities like text editing, password saving, and ad blocking.
The NTISB identified several compromised extensions, including AI Assistant – ChatGPT and Gemini for Chrome, Bard AI Chat Extension, Search CoPilot AI Assistant for Chrome, VPNCity, Internxt VPN, and others.Â
Last month, reports emerged of a large-scale attack on 35 extensions, including the ones flagged by NTISB, which affected over 2.6 million users by exposing their data and credentials to hackers.
Hackers reportedly accessed these extensions by injecting malicious code into legitimate tools, later publishing the compromised versions on official browser stores. The advisory recommended that users avoid these extensions, choose trusted alternatives, and carefully review permissions before installation. Regular updates and removal of unwanted extensions were also advised.
The list included VPN extensions like VPNCity and Internxt VPN, highlighting the growing demand for Virtual Private Networks in Pakistan. VPNs have become increasingly popular since the ban on social media platform X in February 2024 and frequent internet disruptions. However, cybersecurity experts warn that free VPN services often pose significant risks, including data leaks and malware.
Simon Migliano, head of research at VPN review platform Top10VPN.com, noted that around 88% of free VPNs and extensions leak IP addresses and user information. He emphasized that operating a trustworthy VPN requires high costs, making free services potentially unsafe. Migliano advised users to thoroughly research and read reviews before choosing any VPN service.
