Malicious browser extensions pose a serious threat and defenses are lacking

Although the number of malicious browser extensions has significantly increased in the past year, many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage.

Last year Zoltan Balazs, an IT security consultant with professional services firm Deloitte in Hungary, created a proof-of-concept malicious extension that could be controlled remotely by an attacker and could steal authentication credentials, hijack accounts, modify locally displayed Web pages, take screenshots through the computer’s webcam, bypass two-factor authentication systems and even download and execute malicious files on a victim’s computer.

And last week the ENISA (European Union Agency for Network and Information Security) warned in its midyear report: “An increase in malicious browser extensions has been registered, aimed at taking over social network accounts.”

Scary 88) Thanks for the link :-TU

Are we safe from malicious browser extensions, or would they be allowed because a trusted application (the browser) is launching them?

That’s what I was wondering. I presume they would be allowed.

That’s what I think as well. 88)

The browser must limit what extensions can do. Some browsers do that better than others: Chrome is the most secured browser - new study • The Register (Dec. 2011)

I do run Firefox fully virtualized so hopefully that should prevent any damage.

We are building a browser extension protection tool…give us some time…:slight_smile:

Great news. :-TU
Looking forward to it. Thanks Melih.

Damage to what? Yes, it will prevent permanent damage to the system outside the virtual environment, but will it prevent damage to the current Firefox-session?

What scares me most is the possible tampering of legit extensions as shown on the last page of the article.

During a presentation Saturday at the Hacker Halted USA 2013 security conference, Balazs demonstrated how malware can insert backdoors into legitimate extensions and the effects this can have on the user's security. For his demonstration he backdoored the LastPass extension for Firefox.

Great! Can’t wait! ;D :rocks: