BSidesSF 2018 has ended
Back To Schedule
Monday, April 16 • 3:30pm - 4:00pm
Unraveling the Threat of Chrome Based Malware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Most leading web browsers, including Google Chrome, offer users the ability to install extensions, web based applications that have the ability to execute javascript/HTML in the context of the browser. Software extensibility is both a cherished feature by end users to enhance their application experience, and in the case of Chrome extensions, also a potential threat to the security of the networks in which they are used. Many organizations simply accept the risk of user control over browser extensions with few controls and no auditing. This talk will present a technical analysis of an (allegedly) friendly Chrome extension that enabled a potentially massive click fraud campaign with over 200k+ users in its short lifetime. We will explore more broadly how Chrome extensions function and can be used maliciously to enable remote compromise of an enterprise network. Next, we will demonstrate the potential impact of a malicious Chrome extensions by demoing custom extensions and releasing sample techniques. Finally, we will discuss methods to which organizations can identify, detect, hunt, and control the use of extensions in their enterprise. We hope the audience will no longer face this threat unprepared.


Spencer Walden

Member, Security Research Team (SRT), ICEBRG
Spencer Walden is an ICEBRG intern emeritus and a current member of the Security Research Team (SRT). He has primarily been focused on detection research and tracking criminal threat groups, most notably FIN7. Spencer is a graduate of the University of Washington where he studied... Read More →

Justin Warner

Security Engineer, ICEBRG
Justin Warner (@sixdub) is a Security Engineer at ICEBRG where he researches and develops network threat detection capabilities while also regularly assisting partners in performing network forensics during incident response engagements. Justin is an Air Force Academy graduate, former... Read More →

Monday April 16, 2018 3:30pm - 4:00pm PDT