Analyzing and understanding in depth malicious browser extensions

Presenter: Alexandros Kapravelos
Date: 30 June 2016

Abstract

In this talk I’m going to present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk’s novelty derives from how it elicits malicious behavior in extensions: with dynamic pages that adapt to an extension’s expectations of web page structure and content, and by fuzzing extensions’ event handlers. The second part of the talk is going to focus on a particular malicious activity deriving from browser extensions: ad injection. In our experiments we found that ad injection affects more than 5% of the daily unique IP addresses accessing Google, and in this way affects tens of millions of users around the globe.

Alexandros Kapravelos is an Assistant Professor in the Department of Computer Science at North Carolina State University. His research interests lie in the area of computer security, and he is particularly interested in browser security and building systems that solve security problems. In the past, he was the lead developer of Wepawet, a publicly available system that detects drive-by downloads with the use of an emulated browser, and Revolver, a system that detects evasive drive-by download attempts. He is currently interested in internet-wide attacks that compromise users’ security, building scalable systems to protect users, and improving privacy on the web.