Skip to content
View in the app

A better way to browse. Learn more.
Enpass Discussion Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
We’re on Reddit now, Come and join us there!!

Polymorphic Malicious Browser Extensions?

just
in Data Security

Featured Replies

I found this video:  https://www.youtube.com/watch?v=oWtR8vqbYX4 about polymorphic extension malware (there are also articles written about it). 
I'm wondering how big or likely a threat this is for using a browser extension for a password manager and if there is anything than can be done to protect yourself, other than not using a g a browser extension for a password manager.  Would the trick still work if you only had your extension for a password manager as the only  extension on your browser?   



 

  • 2 weeks later...
On 3/18/2025 at 7:09 AM, just said:

I found this video:  https://www.youtube.com/watch?v=oWtR8vqbYX4 bitlife about polymorphic extension malware (there are also articles written about it). 
I'm wondering how big or likely a threat this is for using a browser extension for a password manager and if there is anything than can be done to protect yourself, other than not using a g a browser extension for a password manager.  Would the trick still work if you only had your extension for a password manager as the only  extension on your browser?   

Polymorphic malicious browser extensions pose a risk, even for password managers. Limiting your extensions to just one reduces the risk, but it doesn’t eliminate it entirely. Protect yourself by using trusted extensions, keeping them updated, and monitoring permissions. For extra security, consider using a separate password manager app instead of a browser extension.

At Enpass, security is our top priority, and we continuously monitor emerging threats to ensure our users' data remains protected. While browser extensions introduce some level of exposure, Enpass follows strict security protocols to mitigate risks:

  • No Cloud Storage of Data – Enpass stores vaults locally or on user-chosen cloud services, reducing exposure to potential breaches.

  • Encrypted Communication – Our extension communicates with the Enpass app through an encrypted channel, preventing unauthorized access.

  • Strict Extension Permissions – The Enpass extension operates with minimal required permissions to function securely.

  • Code Signing & Integrity Checks – Official Enpass extensions are signed and verified to prevent tampering.

To further enhance security while using the extension, we recommend:

  • Installing extensions only from official sources.

  • Regularly reviewing installed extensions and their permissions.

  • Keeping your browser, operating system, and Enpass updated.

  • Using a separate browser profile for added isolation if needed.

Create an account or sign in to comment
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.