Spying on the browser: dissecting the design of malicious extensions

Abstract

Browsers are a vital component of every computer system as they serve as the interface to the Internet. However, the extensible nature of browsers has facilitated the proliferation of malware infections. In this article, we examine the design of malicious extensions used to steal information from browsers in order to conduct illegal transactions. The focus is on Mozilla's Firefox – but other browsers that share these characteristics will also share similar vulnerabilities. Browsers are a vital component of every computer system as they serve as the interface to the Internet, explain Aditya Sood and Richard Enbody. However, the extensible nature of browsers has facilitated the proliferation of malware infections. Malicious extensions are nothing but a piece of malicious code that installs itself as an inline component in the browser in order to exploit browser capabilities. Since a browser is an integral part of the client-side framework, extensions are platform independent because these extensions communicate with the operating systems using browser access rights. In general, malicious extensions exploit the browser's trust with the website when a user initiates a session. There have been incidents with Mozilla's Firefox browser where malicious extensions were used to steal sensitive information, and bank fraud is one of the targets for these malicious extensions.