Browser add-ons: what do they really add on?

Andrei Cristian Serbanoiu Bitdefender

The increasing market share of add-on supporting browsers along with the ease of JavaScript development has created a new opportunity for malware developers. By exploiting the widespread belief that add-ons are benign, attackers try to gain access to users' sensitive information by developing cross-platform malicious extensions. Once installed, the apparently harmless extension may display the advertised functionality while it morphs into multiple types of threats that may compromise the user's privacy.

This paper assesses the scale of the phenomena and also presents the channels through which these types of threats propagate. The analysis continues by presenting the multiple social mechanisms that attackers have employed to persuade the users, tricking them into installing the dangerous add-ons and by doing that possibly compromising all the browser submitted data.

Furthermore, the paper stresses the dangers one exposes oneself to when installing an untrusted extension and emphasizes the vulnerabilities in the security measures imposed by the official extension repositories. Finally, we propose a means of detecting potentially dangerous add-ons based on code analysis and behavioural patterns exhibited by malicious add-ons.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.