Trends and Lessons from Three Years Fighting Malicious Extensions
Venue
USENIX Security Symposium (2015)
Publication Year
2015
Authors
Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, Kurt Thomas
BibTeX
Abstract
In this work we expose wide-spread efforts by criminals to abuse the Chrome Web
Store as a platform for distributing malicious extensions. A central component of
our study is the design and implementation of WebEval, the first system that
broadly identifies malicious extensions with a concrete, measurable detection rate
of 96.5%. Over the last three years we detected 9,523 malicious extensions: nearly
10% of every extension submitted to the store. Despite a short window of
operation---we removed 50% of malware within 25 minutes of creation---a handful of
under 100 extensions escaped immediate detection and infected over 50 million
Chrome users. Our results highlight that the extension abuse ecosystem is
drastically different from malicious binaries: miscreants profit from web traffic
and user tracking rather than email spam or banking theft.
