Analysis reveals many malicious Chrome extensions
Posted on 20 August 2014.
An analysis of 48,332 browser extensions from the Chrome web store has revealed 130 outright malicious and 4,712 suspicious extensions, some of which have been downloaded by millions of users.

"The amount of critical and private data that web browsers mediate continues to increase, and naturally this data has become a target for criminals. In addition, the webís advertising ecosystem offers opportunities to profit by manipulating a userís everyday browsing behavior," the researchers noted in the paper detailing their findings.

"As a result, malicious browser extensions have become a new threat, as criminals realize the potential to monetize a victimís web browsing session and readily access web-related content and private data."

To analyze the extensions, the researchers used Hulk, a dynamic analysis system of their own making, which flushes out the extensions' malicious behaviour.

"First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extensionís expectations in web page structure and content," they explained. Second, Hulk employs a fuzzer to drive the numerous event handlers that modern extensions heavily rely upon."

Among the malicious extensions they found, some perpetrated affiliate fraud and credential theft, others performed ad injection or replacement, and others still abused social networks for spamming.

The researchers also offered a set of recommendations that would prevent some of these attacks, and they hope Google will implement them.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th