Finding malicious Chrome extensions

A short while back, I launched [https://chrome-stats.com/](https://chrome-stats.com/) to analyze Chrome extensions in Chrome Web Store. Using these data, I am now able to identify some potentially malicious Chrome extensions. I have incorporated some of the logics used in this blog post with Brian Krebs ([https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/](https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/)) to provide a "Safety" metrics for each Chrome extension. I am hoping that this will help users identify risky extensions sooner since Google typically takes a while before they removed a bad extension.

Do you know/remember any malicious Chrome extension recently? I am looking for data points to see measure how well my algorithm is in detecting bad Chrome extensions.

4 thoughts on “Finding malicious Chrome extensions”

  1. Malicious extensions always use many locales so that they can use different keywords in different locales. This way the extension shows up in search results no matter if the search is relevant or not. To find these extensions you need to get both description and store listing and see which one uses extensive keywords in different locales. Also, you can find many just by searching for a famous keyword (e.g. https://chrome.google.com/webstore/search/ublock)

    Reply
  2. btw, you can evaluate the weekly user count and if it is unusually higher than average most likely something is going on!

    Reply

Leave a Comment