Detecting Spying and Fraud Browser Extensions: Short Paper

Abstract

Due to the flaws in policy followed by web browsers for granting permissions to browser extensions and due to a lack of effective static and dynamic detection systems for identifying malicious extensions uploaded on the web stores, malicious browser extensions have become the easiest way to carry out phishing, spying, fraud and other kinds of advanced attacks. This paper identifies and analyzes a subset of these attacks which can be performed with the use of malicious browser extensions (using Google Chrome) and discusses the research gaps of the existing prevention and detection schemes to adequately defend against these attacks. An initial set of malicious signatures responsible for cyber fraud and spying is identified during the study. We use this set of signatures to develop a lightweight malicious extension detection system which can alert users of suspected spying or fraud extensions installed on the Chrome browser on a PC. Results show that the proposed detection system performs better than known malicious extension detectors such as Chrome Cleanup tool and Chrome safeguard tool.