Are they Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions

Ling, Yuxi; Wang, Kailong; Bai, Guangdong; Wang, Haoyu; Dong, Jin Song

doi:10.1145/3551349.3560436

Cited by 8 publications

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Somé et al [73] constructed a static analyzer and have identified 197 vulnerable extensions which allow the web applications to abuse their privileges including accessing APIs and sensitive user data. Prior to this work, the misuse of excessive permissions has raised attention from the research community [30,48,57,75]. Various techniques have been proposed to detect such vulnerabilities [7].…”

Section: Related Workmentioning

confidence: 99%

Characterizing Cryptocurrency-themed Malicious Browser Extensions

Wang

Ling

Zhang

et al. 2022

Proc. ACM Meas. Anal. Comput. Syst.

Self Cite

View full text Add to dashboard Cite

Due to the surging popularity of various cryptocurrencies in recent years, a large number of browser extensions have been developed as portals to access relevant services, such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of cryptocurrency themed malicious extensions that cause heavy financial losses to the users and legitimate service providers. They have shown their capability of evading the stringent vetting processes of the extension stores, highlighting a lack of understanding of this emerging type of malware in our community. In this work, we conduct the first systematic study to identify and characterize cryptocurrency-themed malicious extensions. We monitor seven official and third-party extension distribution venues for 18 months (December 2020 to June 2022) and have collected around 3600 unique cryptocurrency-themed extensions. Leveraging a hybrid analysis, we have identified 186 malicious extensions that belong to five categories. We then characterize those extensions from various perspectives including their distribution channels, life cycles, developers, illicit behaviors, and illegal gains. Our work unveils the status quo of the cryptocurrency-themed malicious extensions and reveals their disguises and programmatic features on which detection techniques can be based. Our work serves as a warning to extension users, and an appeal to extension store operators to enact dedicated countermeasures. To facilitate future research in this area, we release our dataset of the identified malicious extensions and open-source our analyzer.

show abstract