Tuesday 7 April 2015

Google purges bad extensions from Chrome

Tens of millions of users who visit Google sites use a browser loaded with malicious add-ons, research suggests.

Most rogue extensions bombard people with ads, but the most malicious steal login names and other valuable data.
Carried out by security experts and Google, the project analysed more than 100 million visits to the search giant's sites.
It led to Google purging almost 200 bad extensions from its online catalogues of browser add-ons.

Bad behaviour?

Extensions and add-ons for web browsers add all kinds of functions and features to the software.
Many of these extensions have hidden extras that cause trouble for people who install them, said UC Santa Barbara computer scientist Alexandros Kapravelos, who worked with Google on the rogue extensions project.
The research found that malicious extensions were available for every major browser.
The findings are due to be published in full in May at the IEEE Symposium on Security and Privacy.
Preliminary results revealed that 5% of people accessing Google every day have been caught out by at least one malicious extension.
Of these victims, about a third have four or more bad add-ons installed in their browser.
"It is a very hard problem to deal with," said Mr Kapravelos.
Some bad extensions were easy to spot, he said, because they were so obviously written to steal saleable data such as bitcoins, bank logins or personal data.
However, many used techniques seen in legitimate extensions, he said, and it took a lot of extra analysis to pin down the bad ones.
"Even when we have a complete understanding of what the extension is doing, sometimes it is not clear if that behaviour is malicious or not," he said.
"You would expect that an extension that injects or replaces advertisements is malicious, but then you have AdBlock that creates an ad-free browsing experience and is technically very similar."
Experts from Swedish security firm ScrapeSentry said they had found examples of extensions that gathered data in ways that could easily be abused.
