InfoSec Seminar: Analyzing and understanding in depth malicious browser extensions

Speaker: Alexandros Kapravelos

Date/Time: 27-Nov-2015, 15:00 UTC




In this talk I’m going to present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk’s novelty derives from how it elicits malicious behavior in extensions with dynamic pages that adapt to an extension’s expectations in web page structure and content and by fuzzing extensions event handlers. The second part of the talk is going to be focused on a particular malicious activity deriving from browser extensions: ad injection. In our experiments we found that ad injection is affecting more than 5% of the daily unique IP addresses accessing Google, affecting this way tens of millions of users around the globe.


Kapravelos received his Ph.D. in computer science from University of California, Santa Barbara in 2015. He is the lead developer of Wepawet, a publicly available system that detects drive-by downloads with the use of an emulated browser, and Revolver, a system that detects evasive drive-by download attempts. Currently, he studies how the web changes on the client side via browser extensions and how we can protect the browser from malicious client-side attacks. He is also interested in Internet privacy and browser fingerprinting specifically, where he is working on making Internet users less distinctive while they browse the web.

This page was last modified on 27 Mar 2014.