Researchers discover 10% of Chrome extensions could be malicious

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Researchers examining the security of web browsers have uncovered that nearly 10% of extensions for Google Chrome could be used for data theft. Even more concerning, the behavior of malicious extensions is undetectable to end users, and the permission system doesn't always make it clear what an add-on will do to your browser.

Of the 48,000 Chrome extensions the researchers tested, 130 were labeled as being outright and definitively malicious. These extensions were found to perform a variety of dodgy actions, including credential and data theft, advertising and affiliate fraud, and abuse of a user's social networks.

A further 4,712 extensions were described as suspicious. One of these suspicious extensions was downloaded by more than 5.5 million people, and installs a tracking beacon that sends information on your browsing activity to a remote server, without encryption. This behavior wasn't labeled as malicious by the research team, but with unknown intentions it could be risky to use.

Some other suspicious extensions were found to modify the URLs of some shopping websites, such as Amazon, to insert an affiliate link. This behavior could earn money for the extension's creator, but commits affiliate fraud along the way. Other extensions replaced or injected ads into websites, again so the extension's creator could earn money.

To discover the dodgy extensions, the researchers developed a detection engine called Hulk, that closely monitors how extensions react with specific "HoneyPages" created by the team. Luckily, very few extensions were found to interfere with online banking.

Read more: http://www.techspot.com/news/57803-...-of-chrome-extensions-could-be-malicious.html
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top