network – How to mitigate against malicious browser extensions that rely on rtkit-daemon and dbus for remote control?

I recently noticed that my web browser (latest Firefox) is acting strangely: form field content is getting deleted, text is randomly marked, and the system suddenly crashes, as if the device is remotely controlled and overloaded.

Checking my system logs (Ubuntu), I found a couple of suspicious entries. Every time the browser seems to be remote controlled, I find the following entries in syslog:

Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9689) dhcp4 (lan0): option dhcp_lease_time      => '3600'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option domain_name          => 'My-I-S-Provider.com.'
Jul 16 11:44:45 MyComputer dbus-daemon(813): (system) Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-disp>
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option domain_name_servers  => '192.168.0.1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option expiry               => '1626450285'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9690) dhcp4 (lan0): option host_name            => 'MyComputer'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option ip_address           => '192.168.0.226'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option next_server          => '192.168.0.1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_broadcast_address => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_name => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_name_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9691) dhcp4 (lan0): option requested_domain_search => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_host_name  => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_interface_mtu => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_ms_classless_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_nis_domain => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_nis_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9692) dhcp4 (lan0): option requested_ntp_servers => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_rfc3442_classless_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_root_path  => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_routers    => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_static_routes => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9693) dhcp4 (lan0): option requested_subnet_mask => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option requested_time_offset => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option requested_wpad       => '1'
Jul 16 11:44:45 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option routers              => '192.168.0.1'
Jul 16 11:44:46 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): option subnet_mask          => '255.255.255.0'
Jul 16 11:44:46 MyComputer NetworkManager(815): <info>  (1626446685.9694) dhcp4 (lan0): state changed extended -> extended
Jul 16 11:44:46 MyComputer systemd(1): Starting Network Manager Script Dispatcher Service...
Jul 16 11:44:46 MyComputer dbus-daemon(813): (system) Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 16 11:44:46 MyComputer systemd(1): Started Network Manager Script Dispatcher Service.
Jul 16 11:44:56 MyComputer systemd(1): NetworkManager-dispatcher.service: Succeeded.

I interpret this as a remote session that is being created. Is it possible to tell if this session is created directly on the device or if the local router is infected and involved?

When the browser is overloaded and crashes, I notice the following or similar entries:

Jul 16 14:46:23 MyComputer rtkit-daemon(1031): Supervising 4 threads of 3 processes of 1 users.

Also, the network adapter suddenly shut down several times:

Jul 16 16:21:38 MyComputer dbus-daemon(835): (system) Activating systemd to hand-off: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.13' (uid=0 pid=836 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Jul 16 16:23:47 MyComputer systemd(1): dbus.service: Found left-over process 835 (dbus-daemon) in control group while starting unit. Ignoring.
Jul 16 16:23:47 MyComputer dbus-daemon(3060): (system) Activating systemd to hand-off: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.45' (uid=1000 pid=6629 comm="/usr/lib/firefox/firefox -contentproc -childID 60 " label="unconfined")

I was able to temporarily deactivate rtkit-daemon and dbus with systemctl stop / disable, but they would automatically switch back on after some time.

Is it possible to permanently deactivate those daemons without impacting the functionality of the rest of the system?

ClamAV and chkrootkit scans did not show any relevant findings.

I appreciate your feedback and advice.
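
Added example, not part of the original post: the dbus-daemon "Activating" lines quoted above name the local bus connection that asked for each service (uid, pid, comm), so they can be tabulated to see which process triggered rtkit-daemon or nm_dispatcher. The sample lines are copied from the post; the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Lines copied from the syslog excerpt in the post; the first is cut off there ("nm-disp>").
SAMPLE = """
Jul 16 11:44:45 MyComputer dbus-daemon(813): (system) Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-disp>
Jul 16 11:44:46 MyComputer dbus-daemon(813): (system) Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 16 14:46:23 MyComputer rtkit-daemon(1031): Supervising 4 threads of 3 processes of 1 users.
Jul 16 16:21:38 MyComputer dbus-daemon(835): (system) Activating systemd to hand-off: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.13' (uid=0 pid=836 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Jul 16 16:23:47 MyComputer dbus-daemon(3060): (system) Activating systemd to hand-off: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.45' (uid=1000 pid=6629 comm="/usr/lib/firefox/firefox -contentproc -childID 60 " label="unconfined")
"""

# Accept both "dbus-daemon[813]" (usual syslog form) and "dbus-daemon(813)" as quoted in the post.
ACTIVATION = re.compile(
    r"dbus-daemon[\[(]\d+[\])]: \((?P<bus>\w+)\) Activating .*?"
    r"service name='(?P<service>[^']+)'"
)
REQUESTER = re.compile(
    r"requested by '(?P<conn>[^']+)' "
    r"\(uid=(?P<uid>\d+) pid=(?P<pid>\d+) comm=\"(?P<comm>[^\"]*)\""
)

def parse_activations(text):
    """One dict per activation request; requester fields stay None when the line is truncated."""
    events = []
    for line in text.splitlines():
        m = ACTIVATION.search(line)
        if not m:
            continue  # "Successfully activated" and non-dbus lines are not requests
        event = {"time": line[:15], "bus": m["bus"], "service": m["service"],
                 "uid": None, "pid": None, "comm": None}
        r = REQUESTER.search(line)
        if r:
            event.update(uid=int(r["uid"]), pid=int(r["pid"]), comm=r["comm"].strip())
        events.append(event)
    return events

def requesters_by_service(events):
    """Map each activated service to the set of (uid, executable) pairs that requested it."""
    table = defaultdict(set)
    for e in events:
        exe = e["comm"].split()[0] if e["comm"] else None
        table[e["service"]].add((e["uid"], exe))
    return dict(table)

if __name__ == "__main__":
    for service, who in requesters_by_service(parse_activations(SAMPLE)).items():
        print(service, sorted(who, key=str))
```

On a live system the same functions can be fed the output of `journalctl -t dbus-daemon`, which does not truncate long lines when written to a file or pipe.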