The PerimeterX Research Team recently discovered a string of incidents tied to LNKR. Previously discovered by researchers in 2016 and making a comeback this summer, LNKR has reappeared and is continuing to attack websites going into the holiday season.
For the complete details, please read the technical research blog by Ben Baryo.
What is LNKR?
What is a Browser Extension?
The Impact to E-commerce Business and Shoppers
There are hundreds of thousands of browser extensions. Some are malicious and bring malware with them, which can pose serious threats to both privacy and security.
When visiting a site, a consumer expects a smooth and trusted experience, but malicious ads and malware can result in the exact opposite. The average consumer typically doesn’t understand what they are getting when they add an extension to their browser. They believe malicious ads and malware come from the site owner - a belief that can really damage the site’s brand reputation.
The malware downloaded on the shopper’s browser follows them as they browse the internet. When visiting other sites in the future, the malware shows up, further interrupting their experience. Since much of this behavior happens on the client side, website owners have no visibility into any of it.
Take These Steps Before you Become a Target for Attackers
Online shoppers should conduct an audit of their current Chrome browser extensions and uninstall any suspicious ones. It’s important to stay cautious and look for warning signs when downloading extensions in the future. These warning signs include checking popularity of the extensions, including number of users and reviews. Extensions with only a few hundred users, and few or no reviews, should be considered suspicious. Users should also pay close attention to the permissions an extension requests. If it requires any privileged access, such as to read or change data, or access to a broad set of sites one visits, it might be best to pass. Consumers should also keep their browsers updated and use anti-virus and endpoint security solutions.
For more information on protecting your digital business from browser extensions, read The HIdden Threat to Your Website Conversions white paper.
Cybersecurity researchers at PerimeterX continue to investigate application security technologies to make the online experience safer for users. To stay updated on emerging threat research, subscribe to the PerimeterX blog.