An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.
The study, due to be
presented Thursday at the Usenix Security Symposium in San Diego, forecasts growing security problems around extensions as cybercriminals tap into the rich data contained in Web browsers for profit.
They found 130 outright malicious extensions and 4,712 suspicious ones, engaged in a variety of affiliate fraud, credential theft, advertising fraud and social network abuse.
"By installing an extension, you will not see any malicious behavior," said Alexandros Kapravelos, a doctoral candidate at the University of California at Santa Barbara, in a phone interview. "You need to visit specific pages to trigger the malicious behavior."
