Browser extensions or plugins are small programs that can add functionality and customize aspects of internet browsers. They can be installed directly or through a browser's app store. Extensions generally have access and permissions to everything that the browser can access. (Citation: Wikipedia Browser Extension) (Citation: Chrome Extensions Definition)Malicious extensions can be installed into a browser through malicious app store downloads masquerading as legitimate extensions, through social engineering, or by an adversary that has already compromised a system. Security can be limited on browser app stores so may not be difficult for malicious extensions to defeat automated scanners and be uploaded. (Citation: Malicious Chrome Extension Numbers) Once the extension is installed, it can browse to websites in the background, (Citation: Chrome Extension Crypto Miner) (Citation: ICEBRG Chrome Extensions) steal all information that a user enters into a browser, to include credentials, (Citation: Banker Google Chrome Extension Steals Creds) (Citation: Catch All Chrome Extension) and be used as an installer for a RAT for persistence. There have been instances of botnets using a persistent backdoor through malicious Chrome extensions. (Citation: Stantinko Botnet) There have also been similar examples of extensions being used for command & control (Citation: Chrome Extension C2 Malware).
Supported Platforms: Linux, Windows, macOS
-
Navigate to chrome://extensions and tick 'Developer Mode'.
-
Click 'Load unpacked extension...' and navigate to Browser_Extension
-
Click 'Select'
Supported Platforms: Linux, Windows, macOS
-
Navigate to https://chrome.google.com/webstore/detail/minimum-viable-malicious/odlpfdolehmhciiebahbpnaopneicend in Chrome
-
Click 'Add to Chrome'
Create a file called test.wma, with the duration of 30 seconds
Supported Platforms: Linux, Windows, macOS
-
Navigate to about:debugging and click "Load Temporary Add-on"
-
Navigate to manifest.json
-
Then click 'Open'