Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project
Background: Following a notification from a company that fell victim to a supply chain attack in which attackers compromised its Chrome extension, I realized how important it is to address this issue. While I have discussed the potential threats stemming from such attack vectors in previous articles (Article 1 and Article 2), this recent incident prompted me to share a project with the cybersecurity community. The project is designed to help organizations and firms with limited budgets and resources combat this type of attack effectively.
Recent supply chain story: The attacker injected a typo-squatted domain into the extension to stage future malicious actions. However, the victim organization discovered the compromise before any significant damage occurred. On further investigation, other researchers also identified signs of compromise in additional extensions.
Project Important Points:
- Threat modeling for extensions
- Implement in technical scope
Threat modeling for extensions:
- Attacker injecting a typo-squatted domain
- Attacker injecting non-typo-squatted domains
- Attacker injecting a JS component that, at minimum, can work with encoded strings
- Attacker compromising email addresses present in the source code
- Attacker injecting over-permissive access capabilities
Implement in technical scope: First, place the extension file in CRX format into the 'extensions' folder. Next, run the script to check that the files exist. The script then unarchives the CRX file and extracts it to another location. After extraction, the script checks the 'manifest.json' for the permission scopes it declares, extracts all domains and IP addresses, identifies functions responsible for encoding/decoding, and extracts any email addresses found within. Project Scratch GitHub URL
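A minimal Python version of that triage pipeline, added here as an illustration and not the code of the scratch project itself: it reads the CRX3 container in memory, pulls the declared permissions from manifest.json, and scans the bundled files for domains, IPs, email addresses and common encode/decode calls. The sample package, the indicator regexes and the risky-permission list are constructed for this example.

```python
import io, json, re, struct, zipfile

# Indicator patterns matching the threat model above (constructed, deliberately simple)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz|top|info|pro)\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CODEC_RE = re.compile(r"\b(atob|btoa|eval|unescape|decodeURIComponent|String\.fromCharCode)\s*\(")
RISKY_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "cookies",
                     "tabs", "history", "nativeMessaging", "scripting"}

def crx_zip_offset(data: bytes) -> int:
    # CRX3 layout: "Cr24" | version=3 (u32 LE) | header length (u32 LE) | header | ZIP
    if data[:4] != b"Cr24":
        raise ValueError("not a CRX file (bad magic)")
    version, header_len = struct.unpack_from("<II", data, 4)
    if version != 3:
        raise ValueError(f"unsupported CRX version {version}")
    return 12 + header_len

def triage_crx(data: bytes) -> dict:
    """Unpack the CRX in memory; collect permissions, domains, IPs, emails, codec calls."""
    zf = zipfile.ZipFile(io.BytesIO(data[crx_zip_offset(data):]))
    manifest = json.loads(zf.read("manifest.json"))
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    report = {"risky_permissions": sorted(perms & RISKY_PERMISSIONS),
              "domains": set(), "ips": set(), "emails": set(), "codec_calls": {}}
    for name in zf.namelist():
        if not name.endswith((".js", ".html", ".json")):
            continue
        text = zf.read(name).decode("utf-8", errors="replace")
        report["emails"].update(EMAIL_RE.findall(text))
        text = EMAIL_RE.sub("", text)  # don't report a mailbox host as a contacted domain
        report["domains"].update(d.lower() for d in DOMAIN_RE.findall(text))
        report["ips"].update(IPV4_RE.findall(text))
        calls = sorted(set(CODEC_RE.findall(text)))
        if calls:
            report["codec_calls"][name] = calls
    for key in ("domains", "ips", "emails"):
        report[key] = sorted(report[key])
    return report

def build_sample_crx() -> bytes:
    """Constructed CRX3-shaped package with placeholder header bytes (no real signature)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps({"manifest_version": 3,
                    "permissions": ["storage", "cookies"], "host_permissions": ["<all_urls>"]}))
        zf.writestr("background.js", 'fetch("https://update.example-typo.com/c"); // constructed\n'
                    'var k = atob("Zm9v"); var ip = "10.0.0.5"; var m = "ops@example.com";')
    return b"Cr24" + struct.pack("<II", 3, 16) + b"\x00" * 16 + buf.getvalue()
```

Running `triage_crx(build_sample_crx())` yields the risky permissions, the constructed typo-style domain, the IP, the email and the `atob` call in background.js; on a real package the header is a protobuf signature block that this example skips rather than verifies.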
Conclusion: As cybersecurity defenders, it is our responsibility not only to take defensive action but also to manage the budget effectively to achieve the desired results. This project can help in understanding core solutions while also saving resources for similar tasks.
