Characterizing Cryptocurrency-themed Malicious Browser Extensions

Wang, K; Ling, Y; Zhang, Y; Yu, Z; Wang, H; Bai, G; Ooi, BC; Dong, JS

Characterizing Cryptocurrency-themed Malicious Browser Extensions

Wang, K Ling, Y Zhang, Y

Yu, Z Wang, H Bai, G Ooi, BC Dong, JS

Permalink

Publisher:: Association for Computing Machinery (ACM)
Publication Type:: Journal Article
Citation:: Performance Evaluation Review, 2023, 51, (1), pp. 91-92
Issue Date:: 2023-06-19

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published versionAdobe PDF (3.54 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Wang, K
dc.contributor.author	Ling, Y
dc.contributor.author	Zhang, Y https://orcid.org/0000-0001-5611-3483
dc.contributor.author	Yu, Z
dc.contributor.author	Wang, H
dc.contributor.author	Bai, G
dc.contributor.author	Ooi, BC
dc.contributor.author	Dong, JS
dc.date.accessioned	2024-03-11T04:03:04Z
dc.date.available	2024-03-11T04:03:04Z
dc.date.issued	2023-06-19
dc.identifier.citation	Performance Evaluation Review, 2023, 51, (1), pp. 91-92
dc.identifier.issn	0163-5999
dc.identifier.uri	http://hdl.handle.net/10453/176461
dc.description.abstract	Due to the surging popularity of various cryptocurrencies in recent years, a large number of browser extensions have been developed as portals to access relevant services, such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of cryptocurrency-themed malicious extensions that cause heavy financial losses to the users and legitimate service providers. They have shown their capability of evading the stringent vetting processes of the extension stores, highlighting a lack of understanding of this emerging type of malware in our community. In this work, we conduct the first systematic study to identify and characterize cryptocurrency-themed malicious extensions. We monitor seven official and third-party extension distribution venues for 18 months (December 2020 to June 2022) and have collected around 3600 unique cryptocurrency-themed extensions. Leveraging a hybrid analysis, we have identified 186 malicious extensions that belong to five categories. We then characterize those extensions from various perspectives including their distribution channels, life cycles, developers, illicit behaviors, and illegal gains. Our work unveils the status quo of the cryptocurrency-themed malicious extensions and reveals their disguises and programmatic features on which detection techniques can be based. Our work serves as a warning to extension users, and an appeal to extension store operators to enact dedicated countermeasures. To facilitate future research in this area, we release our dataset of the identified malicious extensions and open-source our analyzer.
dc.language	en
dc.publisher	Association for Computing Machinery (ACM)
dc.relation.ispartof	Performance Evaluation Review
dc.relation.isbasedon	10.1145/3606376.3593529
dc.rights	info:eu-repo/semantics/openAccess
dc.subject.classification	Networking & Telecommunications
dc.title	Characterizing Cryptocurrency-themed Malicious Browser Extensions
dc.type	Journal Article
utslib.citation.volume	51
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	open_access	*
dc.date.updated	2024-03-11T04:03:03Z
pubs.issue	1
pubs.publication-status	Published
pubs.volume	51
utslib.citation.issue	1

Abstract:

Due to the surging popularity of various cryptocurrencies in recent years, a large number of browser extensions have been developed as portals to access relevant services, such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of cryptocurrency-themed malicious extensions that cause heavy financial losses to the users and legitimate service providers. They have shown their capability of evading the stringent vetting processes of the extension stores, highlighting a lack of understanding of this emerging type of malware in our community. In this work, we conduct the first systematic study to identify and characterize cryptocurrency-themed malicious extensions. We monitor seven official and third-party extension distribution venues for 18 months (December 2020 to June 2022) and have collected around 3600 unique cryptocurrency-themed extensions. Leveraging a hybrid analysis, we have identified 186 malicious extensions that belong to five categories. We then characterize those extensions from various perspectives including their distribution channels, life cycles, developers, illicit behaviors, and illegal gains. Our work unveils the status quo of the cryptocurrency-themed malicious extensions and reveals their disguises and programmatic features on which detection techniques can be based. Our work serves as a warning to extension users, and an appeal to extension store operators to enact dedicated countermeasures. To facilitate future research in this area, we release our dataset of the identified malicious extensions and open-source our analyzer.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/176461