Hulk: Eliciting Malicious Behavior in Browser Extensions

TitleHulk: Eliciting Malicious Behavior in Browser Extensions
Publication TypeConference Paper
Year of Publication2014
AuthorsKapravelos A, Grier C, Chachra N, Kruegel C, Vigna G, Paxson V
Other Numbers3691
Abstract

We present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk elicits malicious behavior in extensions in twoways. First, Hulk leveragesHoneyPages, which are dynamic pages that adapt to an extension’s expectations inweb page structure and content. Second, Hulk employsafuzzerto drive the numerous event handlers that modern extensions heavily rely upon. We analyzed 48K extensions from the Chrome Web store, driving each withover 1M URLs. We identify a number of malicious extensions, including one with 5.5 million affected users,stressing the risks that extensions pose for today’s websecurity ecosystem, and the need to further strengthenbrowser security to protect user data and privacy.

Acknowledgment

This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS : 0831535 (“Comprehensive Application Analysis and Control”) and CNS : 1237265 (``Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives"). Additional funding was provided by by the Office of Naval Research (ONR) under grant N000140911042, the ArmyResearch Office (ARO) under grant W911NF0910553, by Secure Business Austria, and by generous gifts from Google. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the sponsors.

URLhttp://www.icir.org/vern/papers/hulk-usesec14.pdf
Bibliographic Notes

Proceedings of the 23rd USENIX Security Symposium, San Diego, California

Abbreviated Authors

A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings