13
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

      Preprint

      ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for malicious developers to exploit security critical functionality within the browser itself. In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range of attacks that can be launched in this framework. We systematically categorize, describe and implement these attacks against Chrome, Firefox and Firefox-for-Android, and verify experiments on Windows, Linux and Android systems. To the best of our knowledge, this paper presents to date the most comprehensive analysis about the threats of botnet in modern browsers due to the over-privileged capabilities possessed by browser extensions. We also discuss countermeasures to the identified problems.

          Related collections

          Most cited references 9

          • Record: found
          • Abstract: not found
          • Conference Proceedings: not found

          Your botnet is my botnet

            Bookmark
            • Record: found
            • Abstract: not found
            • Article: not found

            A Taxonomy of Botnet Behavior, Detection, and Defense

              Bookmark
              • Record: found
              • Abstract: not found
              • Article: not found

              Man-in-the-Middle Attack to the HTTPS Protocol

                Bookmark

                Author and article information

                Journal
                27 September 2017
                Article
                1709.09577

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                Custom metadata
                cs.CR

                Comments

                Comment on this article