Characterizing Cryptocurrency-themed Malicious Browser Extensions
نویسندگان
چکیده
Due to the surging popularity of various cryptocurrencies in recent years, a large number browser extensions have been developed as portals access relevant services, such cryptocurrency exchanges and wallets. This has stimulated wild growth themed malicious that cause heavy financial losses users legitimate service providers. They shown their capability evading stringent vetting processes extension stores, highlighting lack understanding this emerging type malware our community. In work, we conduct first systematic study identify characterize cryptocurrency-themed extensions. We monitor seven official third-party distribution venues for 18 months (December 2020 June 2022) collected around 3600 unique Leveraging hybrid analysis, identified 186 belong five categories. then those from perspectives including channels, life cycles, developers, illicit behaviors, illegal gains. Our work unveils status quo reveals disguises programmatic features on which detection techniques can be based. serves warning users, an appeal store operators enact dedicated countermeasures. To facilitate future research area, release dataset open-source analyzer.
منابع مشابه
Hulk: Eliciting Malicious Behavior in Browser Extensions
We present Hulk, a dynamic analysis system that detects malicious behavior in browser extensions by monitoring their execution and corresponding network activity. Hulk elicits malicious behavior in extensions in two ways. First, Hulk leverages HoneyPages, which are dynamic pages that adapt to an extension’s expectations in web page structure and content. Second, Hulk employs a fuzzer to drive t...
متن کاملEffective detection of vulnerable and malicious browser extensions
Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and ...
متن کاملSpying on the browser: dissecting the design of malicious extensions
8 Network Security May 2011 circumnavigation talk, and also assumes that usage is only taking place in areas of pervasive filtering. It does not, for example, allow for the many people who will use such tools in less filtered countries to access video content on sites that restrict it to domestic users for copyright reasons. Many people use HotspotShield to get to video sites such as Hulu or to...
متن کاملMalicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser
Browser extensions enhance the user experience in a variety of ways. However, to support these expanded services, extensions are provided with elevated privileges that have made them an attractive vector for attackers seeking to exploit Internet services. Such attacks are particularly vexing for the sites being abused because there is no standard mechanism for identifying which extensions are r...
متن کاملBotnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions
Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser’s internal structure, thus leaving a hole for malicious developers to exploit security critical functionality within the browser itself. In this paper, we raise the awareness of the threats caused by br...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Proceedings of the ACM on measurement and analysis of computing systems
سال: 2022
ISSN: ['2476-1249']
DOI: https://doi.org/10.1145/3570603