Researcher Demonstrates Remotely Controlled Malware as Browser Extensions


Today many useful browser plugins and extensions are available to make our work faster and better. We use many plugins for security, such as virtual keyboards and proxies.

But we need to be careful before using an extension or plugin in our browsers, because a few browser extensions are developed with malicious intent. These extensions are used to generate revenue by serving ads or to spread malicious files. They can spy on your browser data and activity, and they are fully undetectable by all the latest antivirus software.

Security researcher Zoltan Balazs has developed and showcased a new kind of remote-controlled malware that functions as a browser extension. This nice browser extension is capable of performing many malicious tasks in the user's browser. These tasks include modifying Web pages to show ads or other info, downloading and executing malicious files on the computer, hijacking accounts (by stealing cookies), bypassing the two-step authentication enforced by some websites (Facebook, Gmail, Dropbox and many others), and much more.

The Firefox version of the add-on is also capable of stealing passwords from the browser's built-in password manager. The Firefox extension also works on Firefox for Android devices, though it lacks some features due to operating system restrictions.

The Chrome version of the extension cannot be used to download, upload or execute files at the moment. “There are ways to do this, but I didn’t have time to implement them yet,” Balazs said.

He also planned to release the source code of this malware on GitHub during a presentation at the Hacker Halted security conference in Miami next Tuesday.

The researcher has also created extensions and add-ons for Chrome, Firefox and Safari as a proof of concept. He added that a version for Internet Explorer can also be developed. He will also demonstrate how this can be used to bypass Google's two-step verification security mechanism.

“One of my colleagues wrote a distributed password hash cracker module for Chrome’s Native Client, so this means that we can send the hashes to the victim’s browser and we can use the computer’s CPUs to crack them,” Balazs said.

He further added that a browser infected with this extension can also be controlled as a botnet client, because its traffic looks like normal HTTP traffic initiated by the browser. This makes it really hard for local or network-level firewalls to block it.

Spreading this extension is also not so hard. Social engineering is the best way to reach up to millions of Internet users.
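A defender's check for the capabilities listed above (page modification, cookie theft, file download), as an added example that is not from Balazs or the original article: it reads a Chrome extension's manifest.json and flags the permissions that would enable them. The permission-to-capability mapping, the function name `audit_manifest` and the sample manifest are assumptions constructed for illustration.

```python
import json

# Assumed mapping (not from the article): Chrome manifest permissions that
# would enable the capabilities the article lists.
RISKY_PERMISSIONS = {
    "cookies": "read session cookies (account hijacking)",
    "webRequest": "observe or alter browser HTTP traffic",
    "downloads": "download files to disk",
    "nativeMessaging": "talk to a program outside the browser",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return a sorted list of findings for one manifest.json document."""
    manifest = json.loads(manifest_text)
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    declared = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [f"{p}: {why}" for p, why in RISKY_PERMISSIONS.items() if p in declared]
    broad = declared & BROAD_HOSTS
    if broad:
        findings.append("host access to every site: " + ", ".join(sorted(broad)))
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.append("content script injected into every page (can modify pages)")
            break
    # Cookie theft needs both the API and reach into the target sites.
    if "cookies" in declared and broad:
        findings.append("HIGH: cookies permission combined with all-site host access")
    return sorted(findings)


# Constructed sample manifest, not taken from any real extension.
SAMPLE = json.dumps({
    "manifest_version": 2,
    "name": "Example Helper",
    "permissions": ["cookies", "tabs", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
})

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE):
        print(line)
```

A manifest audit only shows what an extension is allowed to do; it does not detect the HTTP command traffic the article says blends in with normal browsing.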
