Browser Extensions on Rise

Monday, November 5, 2012 @ 08:11 AM gHale

There are browsers out there that can end up tricked into using extensions that can give hackers the ability to hijack the user’s session, spy on webcams, upload and download files, and in the newer mobile-device area, hack into Google Android phones.

Up until one year ago, only 10 of these browsers malicious extensions existed, but this year has seen 49 new ones already, said Zoltan Balazs, IT security consultant at Deloitte Hungary during the Hacker Halted Conference in Miami.

BEAST still tackles SSL servers
New Attack Hijacks HTTPS Sessions
Report: Mobile Technology Crime on Rise
Malware Continues to Rise

“It’s skyrocketing,” Balazs said of what he calls these “zombie browsers.” He faulted antivirus vendors for not addressing the issue at all.

“Even after two years, none of the antivirus vendors detect these,” he said, adding wants them “to try harder on detecting malicious extensions.”

Balazs explained how malicious extensions in Firefox, Chrome and Safari have been created by attackers that try to get them added to the user’s browser through Web-based drive-by downloads or infected attachments.

The end result is these extensions could give the attacker a way to steal data or spy on you, he said.

His advice: Set controls on applications and that will help, plus in Chrome it’s possible to control the extensions the user can use.

Leave a Reply

You must be logged in to post a comment.