u/ElBuio

Database of Malicious Browser Extensions

Hello all,

The past few months I really got into Malicious Browser Extensions. During the creation of my project I started an automation that collects malicious browser extensions.

During my thesis as a student I struggled to find CRX files, so I created my own database of them.

Here is the GitHub for it: https://github.com/GherardoFiori/MaliciousBrowserExtensions
Here is more info about the automation behind it: https://buio.me/n8n

I hope this can help someone with their own research around this subject, since I really struggled to get my hands on CRX files when it came to "malware" or "malicious".

u/ElBuio — 1 day ago

What security checks do you wish existed before installing a browser extension?

Hello all,

I’m building ExterminAI, a project focused on analyzing browser extensions for suspicious or malicious behavior. I posted here before and got useful feedback, so I wanted to ask a more specific question:

Before installing a browser extension, what would you personally want to check?

At the moment, ExterminAI checks things like:

- URLs and IPs contacted by the extension
- Hardcoded URLs and IPs in the code
- Requested permissions
- Extension source/code access
- Matches against a database of known malicious extensions
- Suspicious behavior patterns
- Script injection indicators
- IOCs checked against VirusTotal
- Obfuscated code detection

The analysis uses both static and dynamic checks. There is also an ML-based classification layer trained on my current extension dataset, but I treat that as one signal alongside the behavioural findings rather than a final verdict.

I’m trying to understand what developers, security people, and regular extension users actually care about before trusting an extension.

Some ideas I’m considering and have been recommended before:

- Permission changes between versions
- Whether the extension was recently sold/transferred
- Tracking whether an extension has been removed from the store

What else would be genuinely useful?

Project: https://exterminai.com/

u/ElBuio — 3 days ago

I saw something I built actually help someone for the first time

I had a really motivating moment recently.

I was at a friend’s house showing them ExterminAI, so I installed the companion extension on their browser and scanned their installed extensions. One of them came back flagged red.

We looked into it together, reviewed what the extension was doing, and I showed them the public article/report linked to that extension. After that, they removed it from their browser.

Like many people, they had never really checked what extensions they had installed or whether any of them had become risky over time.

Seeing something I built actually help someone in a real situation was a massive motivation boost. Small moment, but it reminded me why I started working on this.

u/ElBuio — 10 days ago
▲ 3 r/pwnhub

Hello all,

I wanted to share a project I originally built for my final year thesis called ExterminAI.

The topic was malicious browser extensions, and while researching it I realised there were very few public tools focused on analysing extensions specifically. I kept working on it after graduating, and I’ve now released the latest version: https://exterminai.com/

It performs static and dynamic analysis on browser extensions to help identify suspicious behaviour.

I also spent a few months building a public database of known malicious browser extensions, all fully automated, since I couldn’t find a solid open dataset when I was doing the thesis: https://github.com/GherardoFiori/MaliciousBrowserExtensions

I hope this database of CRX files can help others work on similar projects.

Important: that repository contains malicious samples. Do not download or run anything unless you know how to handle malware safely.

I’ve released a small companion Chrome extension for ExterminAI: https://chromewebstore.google.com/detail/exterminai-malicious-exte/mbmaeljobaiaghkkilalaafolgidnfoi

Right now, it checks your installed extensions against the ExterminAI malicious browser extension database and alerts you if there is a match. The scans can be automated if you would like, and it alerts you with a small red icon.

This is an early version, but I wanted to release the first useful part instead of waiting until everything is fully built.

As I work through all the recommendations and suggestions I got, one piece of feedback that kept coming up was automation. That is the direction I want to take this extension next: connecting your installed extensions with ExterminAI so future versions can support automated scans, alerts, and reports directly from the browser.

Would genuinely appreciate feedback on the tool, detection approach, or ideas for improving it.

u/ElBuio — 15 days ago

Hello all!

I’ve released a small companion Chrome extension for ExterminAI.

Right now, it checks your installed extensions against the ExterminAI malicious browser extension database and alerts you if there is a match. The scans can be automated if you would like, and it alerts you with a small red icon.

This is an early version, but I wanted to release the first useful part instead of waiting until everything is fully built.

As I work through all the recommendations and suggestions I got (Thank you everyone!), one piece of feedback that kept coming up was automation. That is the direction I want to take this extension next: connecting your installed extensions with ExterminAI so future versions can support automated scans, alerts, and reports directly from the browser.

Try it out here:
https://chromewebstore.google.com/detail/exterminai-malicious-exte/mbmaeljobaiaghkkilalaafolgidnfoi

Feedback is welcome as I keep improving it.

u/ElBuio — 15 days ago

Hello all,

I wanted to share a project I originally built for my final year thesis called ExterminAI.

The topic was malicious browser extensions, and while researching it I realised there were very few public tools focused on analysing extensions specifically. I kept working on it after graduating, and I’ve now released the latest version: https://exterminai.com/

It performs static and dynamic analysis on browser extensions to help identify suspicious behaviour.

I also spent a few months building a public database of known malicious browser extensions, all fully automated, since I couldn’t find a solid open dataset when I was doing the thesis: https://github.com/GherardoFiori/MaliciousBrowserExtensions

I hope this database of CRX files can help others work on similar projects.

Important: that repository contains malicious samples. Do not download or run anything unless you know how to handle malware safely.

Would genuinely appreciate feedback on the tool, detection approach, or ideas for improving it.

u/ElBuio — 19 days ago

Hello all,

I wanted to share a project I originally built for my final year thesis called ExterminAI.

The topic was malicious browser extensions, and while researching it I realised there were very few public tools focused on analysing extensions specifically. I kept working on it after graduating, and I’ve now released the latest version: https://exterminai.com/

It performs static and dynamic analysis on browser extensions to help identify suspicious behaviour.

I also spent a few months building a public database of known malicious browser extensions, all fully automated, since I couldn’t find a solid open dataset when I was doing the thesis: https://github.com/GherardoFiori/MaliciousBrowserExtensions

I hope this database of CRX files can help others work on similar projects.

Important: that repository contains malicious samples. Do not download or run anything unless you know how to handle malware safely.

Would genuinely appreciate feedback on the tool, detection approach, or ideas for improving it.

u/ElBuio — 25 days ago