According to BlockBeats, Twitter users have recently suffered losses exceeding $1 million after the Aggr plugin installed in the Chrome browser hijacked their browser cookies. Browser plugins, or extensions, are essentially tools to which users delegate the handling of part of a web page's information. However, they can not only access and modify the original web page content but also obtain the user's location, read and modify the clipboard, read cookies and history, take screenshots, and record keystrokes. This means that such plugins can not only obtain data like cookies but also directly determine what web pages we see.
Web-based attacks that take place inside the browser are generally not detected by operating-system security mechanisms, and the browser itself cannot tell whether a plugin's access is one the user actually intended. Therefore, in principle, browser plugin attacks are harder to recognize than attacks by client software.
The GoPlus security team advises users to enhance their security awareness and use browser plugins safely by following these methods:
1. Do not use plugins (extensions) of unknown origin; only download plugins from the official store.
2. Even official plugins can be tampered with by attackers, for example by directly replacing the installation package or through a supply chain attack. During use, be sure to control access permissions: do not grant unnecessary permissions, and do not leave the default that lets a plugin read and change website data on all websites. Setting a plugin's site access to 'when you click this extension' or 'on specific websites' effectively prevents a malicious extension from obtaining cookies.
3. Keep the browser in which plugins are installed separate from the browser used for transactions and funds.
4. Try not to log in to the exchange via its web page; use incognito browsing for sensitive operations, log out immediately when you are not using the trading page, and regularly clear the browser cache and cookies.
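As an added example (not code from the article or from GoPlus), the following script audits an extension's manifest for the broad grants that item 2 warns about, in particular the combination of the `cookies` permission with access to all websites. It assumes Manifest V3 field names and uses two constructed sample manifests, one over-privileged and one scoped with `activeTab` (which only grants access when the user clicks the extension).

```javascript
// Added example: audit a Chrome extension manifest (Manifest V3) for broad grants.
// The permission strings below are real chrome.* API permission names.
const RISKY_PERMISSIONS = {
  cookies: "can read cookies on every matched host (session theft)",
  history: "can read browsing history",
  clipboardRead: "can read the clipboard",
  webRequest: "can observe and modify network requests",
  scripting: "can inject scripts into pages",
  tabs: "can read tab URLs and titles",
};

// Host patterns that amount to "read and change data on all websites".
const ALL_SITES = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

function auditManifest(manifest) {
  const findings = [];
  const permissions = manifest.permissions || [];
  for (const p of permissions) {
    if (RISKY_PERMISSIONS[p]) findings.push(`permission "${p}": ${RISKY_PERMISSIONS[p]}`);
  }
  // MV3 puts host patterns in host_permissions; older manifests mix them into permissions.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...permissions.filter((p) => p.includes("://") || p === "<all_urls>"),
  ];
  for (const h of hosts) {
    if (ALL_SITES.includes(h)) findings.push(`host pattern "${h}": access to all websites`);
  }
  // cookies + all-site host access is exactly what lets an extension read the
  // session cookie of any site the user is logged in to, as in the Aggr case.
  const allSites = hosts.some((h) => ALL_SITES.includes(h));
  return { findings, sessionTheftCapable: permissions.includes("cookies") && allSites };
}

// Constructed sample manifests (hypothetical names, not real extensions).
const broadManifest = {
  manifest_version: 3, name: "sample-broad",
  permissions: ["cookies", "tabs", "storage"], host_permissions: ["<all_urls>"],
};
const narrowManifest = {
  manifest_version: 3, name: "sample-narrow",
  permissions: ["activeTab", "storage"], host_permissions: ["https://example.com/*"],
};

console.log(auditManifest(broadManifest));  // sessionTheftCapable: true, 3 findings
console.log(auditManifest(narrowManifest)); // sessionTheftCapable: false, 0 findings
```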