| Browser extension is a piece of code that extends the functionality of a web browser in some way, making browsing more efficient and convenient. However, the powerful capabilities of browser extensions, can also cause security risk even act as malware. Compared with traditional malware, a browser extension with malicious purposes has the same privileges as its host application and is easier to cross platforms, which promise to be very desirable to attackers. Therefore, it is a challenge to defend against such kind of malware.In this paper, we first introduce the development of browser extension in aspects of browser extension’s usage and penetration as well as its function improvement. At the same time, we describe threats a browser extension malware may bring to the user. Then, we introduce some key and popular technologies on browser extension in order to characterize browser-based malware better. From the perspective of defense, we proposed a possible design of such a browser malware and implement CBRS(Cross Platform Browser-based Remote Control System) for mainstream browsers and mainstream OS with the aim to study the development feasibility of such malware and illustrate their potential threats. CBRS can communicate with a remote server, download executable files, execute them upon initiation and even be used to collect sensitive information about the user.The goal of our work is to increase the understanding of such kind of advanced browser-based malware we built, which will promote the development of more efficient countermeasures. At the end of this paper,we give some feasible defences suggestions against the emerging threat,make a summary of browser-based malware’s behavior pattern, and then propose a defense architecture. |
PDF Full Text Request