Do you use Gmail? If you do, you might have noticed a new addition to…

Encryption; why it should matter to you

Springtime for us means it’s time for none another than…spring cleaning! And if there is…

How to spring clean your PC!

Remember that time that you, channeling your inner diva, began to belt it out on…

The dangers of public Wi-Fi

Chalk it up to the fact that homo sapiens have always had to find new…

Curiosity killed the computer

Perhaps it’s no coincidence that “adware” and “annoying” both start with the letter A, because…

Adware Goes Rogue

We have written a lot about ransomware in all different forms and incarnations here on…

Ransomware, Ransomware , Everywhere

We’re betting you love your smartphone. It’s okay if you do, because you’re in good…

The Banking Trojan in Your Pocket (or, Why Your Smartphone is Way Less Secure Than you Think it is)

Where were you in 2012? If you were on LinkedIn back then, there’s a good…

Have you Been Pwned in the LinkedIn Data Dump? Here is how to Tell!

Remember how your crazy old Aunt Sally stashed all her money in between mattresses because…

Lessons from the SWIFT Fiasco; Could you be Banking Safer ?

June is upon us and with it comes some of life’s sweet little pleasures –…

The Mega Hacks Cometh!

Invariably, if you use the internet a lot, you probably hear the term “The cloud”…

Are You a Closet-Cloud-Confusee? Understanding The Cloud and What it Means for Your Security

So if you remember, about two weeks ago we told you about a huge string…

Mark Zuckerberg Gets a Lesson in Password Safety

Boom! Whizz! Bang! Typically, when you think of the Fourth of July, you think about…

The How to Liberate  Your Device From Intruders Guide for the Fourth of July

Wondering what your friend or co-worker is doing, staring at his or her phone, wandering…

Go, Pokemon Go! The Latest Craze that Could Fill your Device with Malware

So not only is Pokemon go the biggest craze ever (seemingly anyway), it also seems…

Privacy in the Age of Pokemon Go!

We are well into the summer and for a whole lot of people that means…

Sure, it's Not Your Fault; But They Got Your CC Info Anyway

We’re finally in the home stretch – In just a few days, school starts up…

8 Essential Back-to-School Cyber Security Tips for a Rockin&#039; (and secure) School Year

Happy National Online Learning Day! Wait, is that even a thing? Well, it is and…

Happy Online Learning Day! (Yup, it's Really a Thing!)

Here at Reason Software, we are excited to announce the release of Unchecky v1.0. This…

Unchecky v1.0 is Here! Interview with Michael Maltsev

Attention any and all persons weighing 400 pounds or more — Donald Trump thinks you…

Is Cyber Security Worth a Spotlight at the Debates?

Gather ‘round and we’ll tell you a tale (okay, a few tales) of mystery, murder,…

Creepy Tales from the Internet of Things Crypt

As morning hits around the globe, the world is waking up to find out that…

Lessons Learned From the Election Shocker; Don't Let Hacks Take You by Surprise

For better or for worse, the biggest shopping season of the year has arrived. Now…

The Ultimate How to Not Get Hacked While Shopping Online Guide

Oh, Thanksgiving Day. You probably get a warm and fuzzy feeling even before the sugar…

The (Rotten) Gift that Keeps on Giving

As if worrying that your Android might suddenly explode wasn’t enough to worry about. Researchers…

The Gooligan Android Breach; What you Need to Know

“Um, honey, I think we have a problem. The computer is telling me that all…

Vulnerability of the year: Ransomware

2016 has come and gone and now we can look back at the year that…

A is for Apple, B is for BitCoin; The Most Noteworthy Data Breaches of 2016

It’s been a full fifteen minutes since you last checked your Facebook account (oh, the…

Fake News Flash; Think Before you Share!

Mobile devices have come a long way. We mean a reeeallly long way. In but…

Simple Tips to Spotting Evil Apps

How does the idea of a smart city sound to you? The term might conjure…

The Hidden Dangers in Smart Cities + 5 Bonus Tips to Secure Your IoT Devices

You know the only saying “Nothing is certain but death and taxes”? Seems pretty clear…

5 Tricky Tax Season Scams and How to Avoid Them

When was the last time you went to your bank? If it feels like you’re…

5 Major FinTech Security Concerns You Need to Know About Before You Bank

In honor of Mother’s Day, we thought it would be fitting to take a look…

The amazing mothers of tech

By now, WannaCry is a household name. The ransomware that shocked the world on May…

WannaCry No More? You Better Start Patching

When is adware not just adware? When it’s also malware, of course! Fireball, a new…

Fireball & the explosive malware heard around the world

Imagine this scene: You’re sitting at home one night, happily watching House of Cards on…

Attacks to critical Infrastructures: the next cyber front to worry about

“We pride ourselves on being a leader in managing and protecting data….We also are focused…

Think Your ID was Exposed in the Equifax Breach? Here&#039;s What to do About it

This post has been updated to reflect the current BitCoin to UD Dollar exchange rate,…

Everything You Need to Know About Cryptocurrency

In a recent post, we discussed the basics of cryptocurrency — what it is, how…

The Role of Cryptocurrency In Cyber Crime

Remember the Petya/NotPetya ransomware outbreak from back in June? That was the ransomware that was…

Bad Rabbit: The New Ransomware With Some Famous Cousins

“It’s the most hackable time of the year.”  Oh wait, that’s not how the song…

How To Steer Clear of Cyber Monday Scams

As the holidays draw closer, chances are you’re busy making your gift list and checking…

What NOT to buy for the holidays

Another day, another oddly named malware attack. Last week, researchers from Kaspersky disclosed that they…

ZooPark and Watering Hole Attacks

So now, May 25th has come and gone. If you live in the EU, you’re…

Oh, the irony; phishers are using GDPR to scam you

Which is worse: getting hit with crypto mining malware or falling prey to ransomware? with…

Ransomware or crypto mining malware? Rakhni is both!

You may not have known, but September 15th is National Online Learning Day. Nowadays, it…

Watch out for online learning scams!

Veux-tu Virobot? For the non-francophones among us, what we’re asking is if you’ve heard about…

Virobot: are monster mash-ups the future of ransomware?

January 28th is International Data Privacy Day. If you’re wondering why data privacy needs its…

It's Data Privacy Day: What does your camera know about you?

Today, cameras are everywhere — on our phones, our Alexas, baby monitors, desktops, laptops, home…

Webcam hacking; taking back what’s yours

In spring 2018, a powerful banking Trojan named BackSwap surfaced, targeting online banking users in…

Browser-based threats; Don’t worry, we’ve got your back

Another day, another major hack. This time around, India-based outsourcing giant Wipro was hit with…

To Scan or Not to Scan; The Proactive Way to Protect Your PC

  Today is Mother’s Day, the day set aside to honor those special women, who…

The 5 Coolest Mother’s Day Tech Gifts You Can Find (and how to secure them!)

Reason is excited to launch Reason for Business, a powerful endpoint security protection solution for…

We Invite You to Join Reason for Business Beta

Cybersecurity breaches only make the headlines when they involve large entities like banks or tech…

Think SMBs Fall Under the Radar as Targets for Cyber Threats? Think Again.

The threat landscape is undeniably becoming more challenging and more menacing every day. It seems…

Reason Download Defender- It’s time to defend your downloads.

While spring cleaning may only come around once a year, PC cleaning needs to happen…

Should I Remove It? It’s cleaning time! How to declutter your PC.

6 tips for celebrating National Online Learning Day and keeping your data safe! Magnifying the…

To learn (online) or not to learn?

Next up on the ‘crazy meter’, and probably the ‘creepy meter’ as well, is the…

What happens when ‘ransomware’ meets ‘crazy’?

Recently, the cryptoblackmail scam, “ScamYourself”, has returned to the market – many usersworldwide have been…

Threat Analysis Report: Save Yourself Malware

The advent of the Internet and Internet-enabled technologies not only ushered in the era of…

Threat Intelligence; A Unifying Force of the Future.

Halloween: Famous SMB Cyber Attacks in Disguise. Halloween normally conjures up images of costumes and…

All Tricks and No Treats

Looking for another reason to put on your party hat? Well, we’ve got one: International…

International Internet Day: A Reminder about Security Online.

Hacking has evolved into a billion-dollar growth business, making hackers relentless in their pursuit to…

Can Antivirus Programs Stop Hackers?

Antivirus programs were initially created to distinguish and expel PC infections. Be that as it…

What is antivirus software and how can it protect you?

Before launching into a discussion on how an antivirus detects malware, it’s important to first…

How does an antivirus detect malware?

Get 70% Off Reason Cybersecurity on Black Friday and Keep Your Business out of the…

Cyber attacks and Black Friday: It only takes one to put you on the red

Start by Installing Reason Cybersecurity – Get 70% Off Today! Think about this for a minute:…

How to Keep Your Business Safe on Cyber Monday

Windows 10, according to theinquirer.net, is a particularly appealing target for hackers and virus writers…

Which Antivirus is Best for Window 10?

I think we can all agree that pups, the friendly, loyal, man’s-best-friend kind are cute…

Unwanted Software Blockers: Why Small Businesses Need Them

It’s here, 2020, the start of not just a new year, but a new decade…

Small business growth and guardianship in 2020: staying safe from hackers

Learning about antivirus programs and how antivirus programs protect your computer is a good first…

How antivirus programs protect your computer

We hear a lot about the importance of having antivirus software on our computers, but…

How Does Antivirus Software Work?

The term ‘antivirus’ is a bit of a misnomer today, since today’s antivirus software must…

why antivirus is needed?

According to cybercrime statistics from cpomagazine.com and websitehostingrating.com respectively, cybercrimes account for trillions of dollars…

Why is antivirus software important?

If a salesperson at a clothing store asked you if you needed any help and…

Browser or big brother? ReasonLab’s secure browsing premium feature protects your business

If you’re alarmed by all the news reports about malware attacks and the damage they…

Which antivirus should I use?

To combat the continuously evolving landscape of cybersecurity threats, antivirus software has been changing and…

How Antivirus Software Works

According to a recent report from statista.com, an online statistics portal, 74% of Americans own…

Which antivirus is best for a Windows 10 laptop?

While there is no quick way to answer which antivirus is better, there are at…

Which antivirus is better?

We hear the terms ‘antivirus’ and ‘antimalware’ bandied about so much it’s easy to understand…

Can antivirus detect malware?

“Reaper”, the first antivirus software, was created in response to “Creeper” the first computer virus,…

Are antivirus programs worth it?

The best protection against viruses and malware is reliable, up-to-date, antivirus software. Fortunately, there are…

Today, Windows 10 comes with Windows Defender, a native, comprehensive antivirus solution already integrated into…

What antivirus software comes with Windows 10?

To answer the question, ‘can antivirus software remove viruses’, we should first examine what antivirus…

Can Antivirus Remove Virus?

If Windows is your computer operating system, you’re in good company; according to statista.com, Windows…

Which is the best antivirus for Windows?

The alarming proliferation of malware and cyber attacks, reported almost daily in the news, has…

What antivirus do I need?

It’s been over 40 years since the Creeper computer virus, made its appearance, and although…

Is an antivirus necessary?

So you’ve finally decided on the antivirus (AV) software you want to install and are…

Will antivirus software remove existing viruses?

Hackers are always looking for security holes so that they can install malware on your…

Which Antivirus is Best for Laptops?

If you perform a Google search to find out which antivirus is good, the search…

Which antivirus is good?

The first question people usually ask about antivirus (AV) software, is ‘do I really need…

How do you know what antivirus to use?

Windows 10 was first launched in 2015, but it wasn’t until January 2018 that it…

Which Antivirus is Best for Windows 7

For a very long time, it was widely promulgated that Apple computers didn’t get infected…

What antivirus does Apple use?

Cybercrime is on the rise; it is becoming increasingly ubiquitous and menacing. From private individuals,…

Which antivirus should I buy?

Antivirus, aka anti-virus, aka anti-malware, aka security software, has been around since 1971, and yes,…

What do antivirus do?

Cybercrime is a global phenomenon and India has been just as affected by it as…

Which antivirus is best for PCs in India

Pretty much anyone who uses the Internet today has heard of computer viruses and malware…

How Antivirus Protects Your Data

The right to privacy has a long, sometimes contentious history, but today it is recognized…

Can small businesses really keep their data private?

Happy Valentine’s Day to all the cyber criminals in the world! …said no small business…

Small businesses need some Valentine’s Day love too

You can’t make this stuff up. One Sunday last year, Gillian Franklin, owner of Heat…

7 Cybersecurity Beauty Hacks You Need to Know!

Browser extensions enhance our online experience, adding functionalities and features to our favorite browsers. However, amidst the vast array of extensions, there exists a potential threat: malicious browser extensions.

The latest report from ReasonLabs, [*The Cashback Extension Killer*](https://reasonlabs.com/research/the-cashback-extension-killer), discusses a set of malicious web extensions disguised as fake VPNs, delivered by a [Trojan](https://cyberpedia.reasonlabs.com/EN/trojans.html) installer, and distributed through torrent files. They were then live on the Chrome Web Store for months, ultimately affecting over 2 million users! Google removed the active threats from the Chrome Web Store shortly after ReasonLabs researchers disclosed them.

Before we dive into the report’s findings, let’s define what an extension is, how you can recognize a malicious extension, and crucially, how to prevent these digital intruders from compromising your online security.
## Understanding browser extensions
Browser extensions, also known as add-ons or plugins, are small software modules that extend the functionality of web browsers. They are designed to customize and improve your browsing experience by adding features, altering the appearance of websites, or enhancing productivity.

Users typically download browser extensions from official extension stores associated with their respective browsers. The following are the primary sources for downloading extensions for popular browsers:

- **Google Chrome**: [Chrome Web Store](https://chrome.google.com/webstore): This is the official extension store for Google Chrome. Users can find a wide range of extensions, apps, and themes vetted by Google for Chrome users.
- **Mozilla Firefox**: [Mozilla Add-Ons](https://addons.mozilla.org/): The official add-ons website for Mozilla Firefox. Users can discover and install a variety of extensions, themes, and plugins verified by Mozilla.
- **Microsoft Edge**: [Microsoft Edge Add-Ons](https://microsoftedge.microsoft.com/addons): The official extension store for Microsoft Edge. Users can explore and install extensions specifically designed for the Edge browser.
- **Apple Safari**: [Safari Extensions Gallery](https://developer.apple.com/safari/extensions/): Safari extensions can be found in the Safari Extensions Gallery. Users can explore and install extensions directly from within the Safari browser.
- **Opera**: [Opera Add-Ons](https://addons.opera.com/): The official extension store for the Opera browser. Users can find and install a variety of extensions and themes tailored for Opera.

It's important for users to be cautious and only download extensions from official stores. These stores have security measures in place to verify the authenticity and safety of extensions, reducing the risk of downloading malicious software. Avoid downloading extensions from third-party websites or untrusted sources to minimize security risks to your browser and device.
## The ReasonLabs Report: Fake VPNs and malicious extensions
Key findings from the report showed that numerous malicious web extensions were being delivered to users through a Trojan installer. The malicious installers installed one of at least three malicious web extensions for Google Chrome or Edge, claiming to be Virtual Private Networks (VPNs), which were active on the Chrome Web Store, ultimately being taken down after being notified by ReasonLabs.

The extensions were installed onto users’ browsers without their knowledge. They were mostly distributed through game torrents - instead of the installer delivering the games, they delivered malware instead. It’s supposed that the goal of the malicious extension code was financially-oriented, dealing with cashback and coupon activity and resulting in financial fraud.

## What is a Trojan installer and how can it install a malicious extension?
A Trojan installer is a type of [malware](https://cyberpedia.reasonlabs.com/EN/malware.htmlhttps://cyberpedia.reasonlabs.com/EN/malware.html) that disguises itself as a legitimate program or file but, once executed, delivers and installs malicious software onto a user's system without their knowledge or consent. Trojans are named after the ancient Greek story of the wooden horse used to infiltrate Troy, symbolizing how they deceive users by appearing harmless.

In the context of browser security, a Trojan installer can be used to install a malicious browser extension by exploiting vulnerabilities or tricking users into unknowingly granting permissions. This process is discussed in technical detail in the latest ReasonLabs report - but here is a general overview:

- **Deceptive download**: Users unknowingly download a seemingly harmless file, often disguised as a legitimate software update, cracked software, or a free utility. The Trojan installer is bundled with this seemingly innocuous file.
- **Social engineering**: The Trojan may employ [social engineering](https://cyberpedia.reasonlabs.com/EN/social%20engineering.html) tactics to convince users to execute the downloaded file. This could involve deceptive messages, fake software updates, or enticing offers.
- **Exploiting vulnerabilities**: Trojans often exploit vulnerabilities in the user's operating system or software to execute malicious code without detection. This can happen through unpatched security flaws.
- **Silent installation**: Once executed, the Trojan installer works silently in the background, avoiding detection by security software. It proceeds to install the malicious extension without the user's knowledge.
- **Browser exploitation**: The Trojan installer might leverage vulnerabilities in the browser itself to manipulate or bypass security mechanisms. This allows it to install the malicious extension without triggering alerts.
- **Unauthorized permissions**: In some cases, Trojans exploit the user's trust in the system to gain unauthorized permissions. This might involve manipulating the user into approving the installation of the extension or modifying browser settings.
- **Remote control**: The installed extension can establish a connection with a remote server controlled by the attacker. This enables the attacker to remotely control the compromised browser and execute further malicious actions.
## Recognizing a malicious extension
Learning to recognize a malicious extension can help prevent damage from being done to your device. We’ve rounded up some top points that you need to be aware of:

- **Unverified sources**: Stick to official extension stores, as listed above. Avoid downloading extensions from unverified websites, as these can host malicious versions.
- **Excessive permissions**: Legitimate extensions only request permissions necessary for their functionality. If an extension asks for excessive permissions unrelated to its purpose, it could be malicious.
- **User feedback**: Check user reviews and ratings in the extension store. If an extension has low ratings or numerous negative reviews citing security concerns, reconsider installing it.
- **Spike in popularity**: Malicious extensions might suddenly gain popularity due to deceptive marketing practices. Be cautious if an extension experiences an unexplained surge in downloads.
- **Behavioral changes**: If an extension alters your browser's behavior unexpectedly, such as redirecting your searches or injecting ads where it shouldn't, it may be malicious.
## How to prevent malicious and illegal extensions
As mentioned above, you should only download extensions from trusted sources and official stores - but there are some other steps you can take to prevent falling victim to illegal extensions:

- **Understand permissions**: Before installing an extension, carefully read and understand the permissions it requests. If they seem excessive or unrelated to their function, think twice.
- **Regularly review installed extensions**: Periodically review the extensions you've installed. If you no longer use one or are uncertain about its origin, remove it to minimize potential security risks.
- **Security updates**: Stay informed about security updates and issues related to browser extensions. Browser developers often release updates to address vulnerabilities.
- **Install cybersecurity software**: Employ reliable security software that includes browser protection. The [Online Security](https://reasonlabs.com/platform/products/online-security) extension from ReasonLabs provides tools that can help identify and block malicious extensions before they compromise your system.
- **Awareness is key**: Be aware of common tactics used by malicious extensions. Educate yourself on how to recognize potential threats to bolster your online security.

Browser extensions can be powerful tools, but vigilance is paramount. By understanding what constitutes a malicious extension and following preventive measures, you can navigate the web safely. Additionally, using a next-generation antivirus solution like [RAV Endpoint Protection](https://reasonlabs.com/platform/products/endpoint-protection) can protect you from threats like Trojan installers and more. For more information on current global cybersecurity threats, the [Online Security](https://reasonlabs.com/platform/products/online-security) browser extension, [RAV VPN](https://reasonlabs.com/platform/products/vpn) and other cybersecurity products from ReasonLabs, visit [reasonlabs.com](https://reasonlabs.com/platform/products/online-security).







The latest report from ReasonLabs, The Cashback Extension Killer, discusses a set of malicious web extensions disguised as fake VPNs, delivered by a Trojan installer, and distributed through torrent files, that were then live on the Chrome Web Store for months, ultimately affecting over 2 million users! What can we learn from this?

#Cybersecurity Threats

Fake VPNs: How To Prevent Them On Your Device

What Is A Keygen?: How To Safely Activate Software

What’s Fake Antivirus & Can It Trigger Rogue Security Software?

Webcam Security Camera: How To Tell If It Has Been Hacked