Andrei Cristian Serbanoiu, Bitdefender
The increasing market share of browsers that support add-ons, along with the ease of JavaScript development, has created a new opportunity for malware developers. By exploiting the widespread belief that add-ons are benign, attackers try to gain access to users' sensitive information by developing cross-platform malicious extensions. Once installed, the apparently harmless extension may display the advertised functionality while it morphs into multiple types of threats that may compromise the user's privacy.
This paper assesses the scale of the phenomenon and presents the channels through which these types of threats propagate. The analysis continues by presenting the multiple social mechanisms that attackers have employed to persuade users, tricking them into installing the dangerous add-ons and thereby possibly compromising all data submitted through the browser.
Furthermore, the paper stresses the dangers one exposes oneself to when installing an untrusted extension and emphasizes the vulnerabilities in the security measures imposed by the official extension repositories. Finally, we propose a means of detecting potentially dangerous add-ons based on code analysis and behavioural patterns exhibited by malicious add-ons.