10 Percent of Chrome Extensions May Be Malicious
A number of Chrome browser extensions may be up to no good -- and researchers have found a way to detect them.
Up to 10 percent of Google Chrome browser extensions may be up to no good. Of 48,332 Chrome extensions, 130 were found to be seriously malicious, and another 4,712 labeled "suspicious," by six computer science experts at the University of California's Berkeley, Santa Barbara and San Diego campuses.
The researchers have also developed Hulk — not the gamma-irradiated superhero — which is a piece of software for detecting malicious behavior in Chrome browsers. They will present their findings tomorrow (Aug. 21) at the USENIX Security Symposium in San Diego.
MORE: Best PC Antivirus Software 2014
The malicious extensions detected in the study exhibited a wide range of behavior, including affiliate fraud (when buyers are tricked into paying false commissions on purchases), credential theft, malicious JavaScript injections and generation of spam on social networks.
Malicious Chrome extensions aren't limited to the bottom of the barrel; one has over 5.5 million installations, the researchers said. That's where Hulk comes into play.
Hulk works in two ways. First, it creates "HoneyPages," Web pages specially crafted to trick an extension into displaying its malicious behavior. A common technique among cybercriminals is to create malicious Web pages designed to exploit browser vulnerabilities and infect computers. Hulk's HoneyPages use a similar idea, but to protect a computer instead of compromise it.
Second, Hulk built a "fuzzer," an automated script that tests each Chrome extension by throwing more than 1 million different URLs at it to see if it exhibits any strange behavior. (Fuzzing software with random data is a tried-and-true reliability-testing technique.)
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Coincidentally, security researchers at Malwarebytes identified a suspicious extension that pretends to be a legitimate Evernote Web extension for the Chrome, Torch and Comodo Dragon browsers, all of which are based on the open-source Chromium browser. The fake extension tricks browsers into thinking it's the real Evernote Web app, but it actually fills your browser with unwanted advertisements.
The University of California researchers may not make Hulk available to the public, as it's more of a research tool than a prevention tool. However, their USENIX paper on the study outlines several changes Google could make to its Chrome browser in order to keep users safer from malicious plugins.
- Best Android Antivirus Software 2014
- How to Survive a Data Breach
- Mobile Security Guide: Everything You Need to Know
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.
Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.
-
ingtar33 yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.Reply
i'm willing to bet the number of bad extensions for IE far outnumber them for chrome or firefox. frankly it's very RARE i find a virus hiding in chrome extensions (there are some out there, but i'll find those same extensions on IE so it's not platform specific)... with IE it's one of the first places i look. -
damianrobertjones yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.
Then as an 'I.T. Pro' you might want to have a look at your firewall and/or amend your I.T. policy to keep people away from the rubbish.
P.s. I'm also an I.T. Pro. -
ingtar33 yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.
Then as an 'I.T. Pro' you might want to have a look at your firewall and/or amend your I.T. policy to keep people away from the rubbish.
P.s. I'm also an I.T. Pro.
some clients are well protected some aren't. unless you're going to start to claim that little old grannies that call looking to get their computer working right should even know about this stuff i'm pretty sure i'll keep running into this.
-
pizzapeter I guess the store just needs stricter monitoring and protection on it if the figure is that high!Reply -
waethorn Meanwhile, this very website has fakeware bundler downloads pushed through ads served by AdChoices (a Google company)Reply