Sign in with
Sign up | Sign in

10 Percent of Chrome Extensions May Be Malicious

By - Source: Tom's Guide US | B 8 comments

Chrome Browser. Credit: GoogleChrome Browser. Credit: Google

Up to 10 percent of Google Chrome browser extensions may be up to no good. Of 48,332 Chrome extensions, 130 were found to be seriously malicious, and another 4,712 labeled "suspicious," by six computer science experts at the University of California's Berkeley, Santa Barbara and San Diego campuses.

The researchers have also developed Hulk — not the gamma-irradiated superhero — which is a piece of software for detecting malicious behavior in Chrome browsers. They will present their findings tomorrow (Aug. 21) at the USENIX Security Symposium in San Diego.

MORE: Best PC Antivirus Software 2014

The malicious extensions detected in the study exhibited a wide range of behavior, including affiliate fraud (when buyers are tricked into paying false commissions on purchases), credential theft, malicious JavaScript injections and generation of spam on social networks.

Malicious Chrome extensions aren't limited to the bottom of the barrel; one has over 5.5 million installations, the researchers said. That's where Hulk comes into play.

Hulk works in two ways. First, it creates "HoneyPages," Web pages specially crafted to trick an extension into displaying its malicious behavior. A common technique among cybercriminals is to create malicious Web pages designed to exploit browser vulnerabilities and infect computers. Hulk's HoneyPages use a similar idea, but to protect a computer instead of compromise it.

Second, Hulk built a "fuzzer," an automated script that tests each Chrome extension by throwing more than 1 million different URLs at it to see if it exhibits any strange behavior. (Fuzzing software with random data is a tried-and-true reliability-testing technique.)

Coincidentally, security researchers at Malwarebytes identified a suspicious extension that pretends to be a legitimate Evernote Web extension for the Chrome, Torch and Comodo Dragon browsers, all of which are based on the open-source Chromium browser. The fake extension tricks browsers into thinking it's the real Evernote Web app, but it actually fills your browser with unwanted advertisements. 

The University of California researchers may not make Hulk available to the public, as it's more of a research tool than a prevention tool. However, their USENIX paper on the study outlines several changes Google could make to its Chrome browser in order to keep users safer from malicious plugins.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

  • 4 Hide
    dovah-chan , August 20, 2014 2:12 PM
    it's a shame when the browser itself is malicious - to your privacy.
  • -4 Hide
    mortsmi7 , August 20, 2014 2:17 PM
    This is why I use IE11 instead of Chrome.
  • 1 Hide
    dovah-chan , August 20, 2014 3:25 PM
    I myself use Nightly.
  • Add your comment Display all 8 comments.
  • 1 Hide
    ingtar33 , August 20, 2014 5:14 PM
    yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.

    i'm willing to bet the number of bad extensions for IE far outnumber them for chrome or firefox. frankly it's very RARE i find a virus hiding in chrome extensions (there are some out there, but i'll find those same extensions on IE so it's not platform specific)... with IE it's one of the first places i look.
  • 1 Hide
    damianrobertjones , August 21, 2014 1:51 AM
    Quote:
    yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.


    Then as an 'I.T. Pro' you might want to have a look at your firewall and/or amend your I.T. policy to keep people away from the rubbish.

    P.s. I'm also an I.T. Pro.
  • 0 Hide
    ingtar33 , August 21, 2014 2:19 AM
    Quote:
    Quote:
    yet as an IT professional i spend all day long debugging all the viral extensions on IE and rarely any time with chrome.


    Then as an 'I.T. Pro' you might want to have a look at your firewall and/or amend your I.T. policy to keep people away from the rubbish.

    P.s. I'm also an I.T. Pro.


    some clients are well protected some aren't. unless you're going to start to claim that little old grannies that call looking to get their computer working right should even know about this stuff i'm pretty sure i'll keep running into this.
  • 0 Hide
    pizzapeter , August 23, 2014 3:31 PM
    I guess the store just needs stricter monitoring and protection on it if the figure is that high!
  • 0 Hide
    waethorn , August 25, 2014 10:57 AM
    Meanwhile, this very website has fakeware bundler downloads pushed through ads served by AdChoices (a Google company)
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter