Trends and Lessons from Three Years Fighting Malicious Extensions
Authors:
Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, and Kurt Thomas, Google
Abstract:
In this work we expose wide-spread efforts by criminals to abuse the Chrome Web Store as a platform for distributing malicious extensions. A central component of our study is the design and implementation of WebEval, the first system that broadly identifies malicious extensions with a concrete, measurable detection rate of 96.5%. Over the last three years we detected 9,523 malicious extensions: nearly 10% of every extension submitted to the store. Despite a short window of operation—we removed 50% of malware within 25 minutes of creation— a handful of under 100 extensions escaped immediate detection and infected over 50 million Chrome users. Our results highlight that the extension abuse ecosystem is drastically different from malicious binaries: miscreants profit from web traffic and user tracking rather than email spam or banking theft.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {190984,
author = {Nav Jagpal and Eric Dingle and Jean-Philippe Gravel and Panayiotis Mavrommatis and Niels Provos and Moheeb Abu Rajab and Kurt Thomas},
title = {Trends and Lessons from Three Years Fighting Malicious Extensions},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
year = {2015},
isbn = {978-1-939133-11-3},
address = {Washington, D.C.},
pages = {579--593},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/jagpal},
publisher = {USENIX Association},
month = aug
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us