Characterizing Cryptocurrency-themed Malicious Browser Extensions-Reference-Cited by-同舟云学术

Characterizing Cryptocurrency-themed Malicious Browser Extensions

Published:2022-12 Issue:3 Volume:6 Page:1-31
ISSN:2476-1249
Container-title:Proceedings of the ACM on Measurement and Analysis of Computing Systems
language:en
Short-container-title:Proc. ACM Meas. Anal. Comput. Syst.

Author:

Wang Kailong¹^ORCID,Ling Yuxi²^ORCID,Zhang Yanjun³^ORCID,Yu Zhou⁴^ORCID,Wang Haoyu⁵^ORCID,Bai Guangdong⁶^ORCID,Ooi Beng Chin²^ORCID,Dong Jin Song²^ORCID

Affiliation:

1. Huazhong University of Science and Technology & National University of Singapore, Singapore, Singapore

2. National University of Singapore, Singapore, Singapore

3. Deakin University, Geelong, VIC, Australia

4. Beijing University of Posts and Telecommunications, Beijing, China

5. Huazhong University of Science and Technology, Wuhan, China

6. University of Queensland, Brisbane, QLD, Australia

Abstract

Due to the surging popularity of various cryptocurrencies in recent years, a large number of browser extensions have been developed as portals to access relevant services, such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of cryptocurrency themed malicious extensions that cause heavy financial losses to the users and legitimate service providers. They have shown their capability of evading the stringent vetting processes of the extension stores, highlighting a lack of understanding of this emerging type of malware in our community. In this work, we conduct the first systematic study to identify and characterize cryptocurrency-themed malicious extensions. We monitor seven official and third-party extension distribution venues for 18 months (December 2020 to June 2022) and have collected around 3600 unique cryptocurrency-themed extensions. Leveraging a hybrid analysis, we have identified 186 malicious extensions that belong to five categories. We then characterize those extensions from various perspectives including their distribution channels, life cycles, developers, illicit behaviors, and illegal gains. Our work unveils the status quo of the cryptocurrency-themed malicious extensions and reveals their disguises and programmatic features on which detection techniques can be based. Our work serves as a warning to extension users, and an appeal to extension store operators to enact dedicated countermeasures. To facilitate future research in this area, we release our dataset of the identified malicious extensions and open-source our analyzer.

Funder

Singapore Ministry of Education Academic Research Fund Tier 3

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Computer Science (miscellaneous)

Link

https://dl.acm.org/doi/pdf/10.1145/3570603

Reference93 articles.

1. AdBlock. 2009. https://getadblock.com. (2009). AdBlock. 2009. https://getadblock.com. (2009).

2. Add-on Policies. Visited in July 2022 . https://extensionworkshop.com/documentation/publish/add-on-policies. ( Visited in July 2022). Add-on Policies. Visited in July 2022. https://extensionworkshop.com/documentation/publish/add-on-policies. ( Visited in July 2022).

3. Address Checker . Visited in July 2022 . http://addresschecker.eu. ( Visited in July 2022). Address Checker. Visited in July 2022. http://addresschecker.eu. ( Visited in July 2022).

4. Alternative Extension Distribution Options . Visited in July 2022 . https://developer.chrome.com/docs/extensions/mv3/external_extensions. ( Visited in July 2022). Alternative Extension Distribution Options. Visited in July 2022. https://developer.chrome.com/docs/extensions/mv3/external_extensions. ( Visited in July 2022).

5. AST Explorer . Visited in July 2022 . https://astexplorer.net. ( Visited in July 2022). AST Explorer. Visited in July 2022. https://astexplorer.net. ( Visited in July 2022).

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Revealing and Analyzing the Visual Scams of Cryptocurrency Wallets;Proceedings of the ACM Turing Award Celebration Conference - China 2023;2023-07-28

2. Understanding and Tackling Label Errors in Deep Learning-Based Vulnerability Detection (Experience Paper);Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis;2023-07-12

3. Characterizing Cryptocurrency-themed Malicious Browser Extensions;ACM SIGMETRICS Performance Evaluation Review;2023-06-26

4. Characterizing Cryptocurrency-themed Malicious Browser Extensions;Abstract Proceedings of the 2023 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems;2023-06-19