{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T13:06:50Z","timestamp":1775912810653,"version":"3.50.1"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,3,31]],"date-time":"2024-03-31T00:00:00Z","timestamp":1711843200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,31]],"date-time":"2024-03-31T00:00:00Z","timestamp":1711843200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Autom Softw Eng"],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1007\/s10515-024-00430-3","type":"journal-article","created":{"date-parts":[[2024,3,31]],"date-time":"2024-03-31T07:01:38Z","timestamp":1711868498000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["WalletRadar: towards automating the detection of vulnerabilities in browser-based cryptocurrency 
wallets"],"prefix":"10.1007","volume":"31","author":[{"given":"Pengcheng","family":"Xia","sequence":"first","affiliation":[]},{"given":"Yanhui","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Zhaowen","family":"Lin","sequence":"additional","affiliation":[]},{"given":"Jun","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Pengbo","family":"Duan","sequence":"additional","affiliation":[]},{"given":"Ningyu","family":"He","sequence":"additional","affiliation":[]},{"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Tianming","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Yinliang","family":"Yue","sequence":"additional","affiliation":[]},{"given":"Guoai","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,31]]},"reference":[{"key":"430_CR23","unstructured":"A Guide to Wallet Security and Best Practices. https:\/\/www.algorand.foundation\/wallet-security-best-practices (2022)"},{"key":"430_CR37","unstructured":"beautify-web\/js-beautify: Beautifier for javascript - GitHub. https:\/\/github.com\/beautify-web\/js-beautify (2022)"},{"key":"430_CR16","unstructured":"Bitcoin - Open source P2P money. https:\/\/bitcoin.org\/en\/ (2022)"},{"key":"430_CR28","unstructured":"Calzavara, S., Roth, S., Rabitti, A., Backes, M., Stock, B.: A tale of two headers: a formal analysis of inconsistent $$\\{\\text{Click-Jacking}\\}$$ protection on the web. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 683\u2013697 (2020)"},{"key":"430_CR42","unstructured":"Chrome Web Store. https:\/\/chrome.google.com\/webstore\/category\/extensions?hl=en (2023)"},{"key":"430_CR7","unstructured":"Check Point Research Detects Vulnerability in the Everscale Blockchain Wallet, Preventing Cryptocurrency Theft. 
https:\/\/research.checkpoint.com\/2022\/check-point-research-detects-vulnerability-in-the-everscale-blockchain-wallet-preventing-cryptocurrency-theft\/ (2022)"},{"key":"430_CR50","doi-asserted-by":"crossref","unstructured":"Chen, Q., Kapravelos, A.: Mystique: Uncovering information leakage from browser extensions. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1687\u20131700 (2018)","DOI":"10.1145\/3243734.3243823"},{"key":"430_CR17","unstructured":"CoinMarketCap: Cryptocurrency Prices, Charts And Market. https:\/\/coinmarketcap.com\/ (2023)"},{"key":"430_CR5","unstructured":"Coinbase Wallet - Your key to the world of crypto. Coinbase Wallet - Your key to the world of crypto (2023)"},{"key":"430_CR8","unstructured":"CPR Alerts Crypto Wallet Users of Massive Search Engine Phishing Campaign That Has Resulted in at Least Half a Million Dollars Being Stolen. https:\/\/research.checkpoint.com\/2021\/cpr-alerts-crypto-wallet-users-of-massive-search-engine-phishing-campaign-that-has-resulted-in-at-least-half-a-million-dollars-being-stolen\/ (2022)"},{"key":"430_CR1","unstructured":"Crypto Market Sizing Report H1 2023. https:\/\/crypto.com\/research\/crypto-market-sizing-report-h1-2023 (2023)"},{"key":"430_CR22","unstructured":"Crypto Wallet Security \u2013 A Complete Guide. https:\/\/www.appsealing.com\/crypto-wallet-security\/ (2022)"},{"key":"430_CR12","unstructured":"Double trouble: crypto-stealing DoubleFinger. https:\/\/www.kaspersky.com\/blog\/doublefinger-crypto-stealer\/48418\/ (2023)"},{"key":"430_CR41","unstructured":"Dom-based XSS. https:\/\/portswigger.net\/web-security\/cross-site-scripting\/dom-based (2022)"},{"key":"430_CR47","doi-asserted-by":"crossref","unstructured":"Eriksson, B., Picazo-Sanchez, P., Sabelfeld, A.: Hardening the security analysis of browser extensions. In: Proceedings of the 37th ACM\/SIGAPP Symposium on Applied Computing, pp. 
1694\u20131703 (2022)","DOI":"10.1145\/3477314.3507098"},{"key":"430_CR38","unstructured":"Esprima. https:\/\/esprima.org\/ (2022)"},{"key":"430_CR18","unstructured":"From \\$900 to \\$20,000: Bitcoin\u2019s Historic 2017 Price Run Revisited. https:\/\/www.coindesk.com\/markets\/2017\/12\/29\/from-900-to-20000-bitcoins-historic-2017-price-run-revisited\/ (2017)"},{"key":"430_CR2","unstructured":"FTX to start U.S. bankruptcy proceedings, CEO to exit. https:\/\/www.reuters.com\/business\/ftx-scrambles-funds-regulators-take-action-2022-11-11\/ (2022)"},{"key":"430_CR31","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1007\/s13198-015-0376-0","volume":"8","author":"S Gupta","year":"2017","unstructured":"Gupta, S., Gupta, B.B.: Cross-site scripting (xss) attacks and defense mechanisms: classification and state-of-the-art. Int. J. Syst. Assur. Eng. Manag. 8, 512\u2013530 (2017)","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"430_CR53","doi-asserted-by":"crossref","unstructured":"Guri, M.: Beatcoin: leaking private keys from air-gapped cryptocurrency wallets. In: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 1308\u20131316 (2018). IEEE","DOI":"10.1109\/Cybermatics_2018.2018.00227"},{"issue":"6","key":"430_CR21","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/MNET.011.2000025","volume":"34","author":"D He","year":"2020","unstructured":"He, D., Li, S., Li, C., Zhu, S., Chan, S., Min, W., Guizani, N.: Security analysis of cryptocurrency wallets in android-based applications. IEEE Netw. 
34(6), 114\u2013119 (2020)","journal-title":"IEEE Netw."},{"key":"430_CR20","doi-asserted-by":"crossref","unstructured":"Hu, Y., Wang, S., Tu, G.-H., Xiao, L., Xie, T., Lei, X., Li, C.-Y.: Security threats from bitcoin wallet smartphone applications: Vulnerabilities, attacks, and countermeasures. In: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, pp. 89\u2013100 (2021)","DOI":"10.1145\/3422337.3447832"},{"key":"430_CR29","unstructured":"Huang, L.-S., Moshchuk, A., Wang, H.J., Schecter, S., Jackson, C.: Clickjacking: attacks and defenses. In: 21st USENIX Security Symposium (USENIX Security 12), pp. 413\u2013428 (2012)"},{"key":"430_CR11","unstructured":"Hodlers beware! New malware targets MetaMask and 40 other crypto wallets. https:\/\/cointelegraph.com\/news\/hodlers-beware-new-malware-targets-metamask-and-40-other-crypto-wallets (2022)"},{"key":"430_CR51","unstructured":"Kariryaa, A., Savino, G.-L., Stellmacher, C., Sch\u00f6ning, J.: Understanding users\u2019 knowledge about the privacy and security of browser extensions. In: Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pp. 99\u2013118 (2021)"},{"issue":"1","key":"430_CR32","doi-asserted-by":"publisher","first-page":"7153","DOI":"10.1149\/10701.7153ecst","volume":"107","author":"S Kumar","year":"2022","unstructured":"Kumar, S., Pathak, S., Singh, J.: A comprehensive study of XSS attack and the digital forensic models to gather the evidence. ECS Transact. 107(1), 7153 (2022)","journal-title":"ECS Transact."},{"issue":"4","key":"430_CR33","first-page":"1009","volume":"25","author":"S Kumar","year":"2022","unstructured":"Kumar, S., Pathak, S., Singh, J.: An enhanced digital forensic investigation framework for XSS attack. J. Discr. Math. Sci. Cryptogr. 25(4), 1009\u20131018 (2022)","journal-title":"J. Discr. Math. Sci. Cryptogr."},{"key":"430_CR13","unstructured":"LummaC2 Stealer: A Potent Threat to Crypto Users. 
https:\/\/blog.cyble.com\/2023\/01\/06\/lummac2-stealer-a-potent-threat-to-crypto-users\/ (2023)"},{"key":"430_CR14","doi-asserted-by":"crossref","unstructured":"Li, C., He, D., Li, S., Zhu, S., Chan, S., Cheng, Y.: Android-based cryptocurrency wallets: attacks and countermeasures. In: 2020 IEEE International Conference on Blockchain (Blockchain), pp. 9\u201316 (2020). IEEE","DOI":"10.1109\/Blockchain50366.2020.00010"},{"key":"430_CR45","doi-asserted-by":"crossref","unstructured":"Lin, Y., Wen, G., Gao, X.: Automated fixing of web UI tests via iterative element matching. In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 1188\u20131199 (2023). IEEE","DOI":"10.1109\/ASE56229.2023.00048"},{"key":"430_CR25","unstructured":"MetaMask Security Monthly: December 2022. https:\/\/metamask.io\/news\/security\/metamask-security-monthly-december-2022\/ (2022)"},{"key":"430_CR3","unstructured":"MetaMask: The crypto wallet for Defi, Web3 Dapps and NFTs. https:\/\/metamask.io\/ (2023)"},{"key":"430_CR43","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10515-018-0246-5","volume":"26","author":"HV Nguyen","year":"2019","unstructured":"Nguyen, H.V., Phan, H.D., K\u00e4stner, C., Nguyen, T.N.: Exploring output-based coverage for testing PHP web applications. Autom. Softw. Eng. 26, 59\u201385 (2019)","journal-title":"Autom. Softw. Eng."},{"key":"430_CR24","unstructured":"OWASP Top 10. https:\/\/owasp.org\/Top10\/ (2022)"},{"issue":"5","key":"430_CR48","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/s10664-023-10323-w","volume":"28","author":"JC Pazos","year":"2023","unstructured":"Pazos, J.C., L\u00e9gar\u00e9, J.-S., Beschastnikh, I.: XSNARE: application-specific client-side cross-site scripting protection. Empir. Softw. Eng. 28(5), 110 (2023)","journal-title":"Empir. Softw. 
Eng."},{"key":"430_CR46","doi-asserted-by":"crossref","unstructured":"Pan, J., Mao, X.: Detecting DOM-sourced cross-site scripting in browser extensions. In: 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 24\u201334 (2017). IEEE","DOI":"10.1109\/ICSME.2017.11"},{"key":"430_CR52","doi-asserted-by":"crossref","unstructured":"Praitheeshan, P., Pan, L., Doss, R.: Security evaluation of smart contract-based on-chain ethereum wallets. In: Network and System Security: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25\u201327, 2020, Proceedings 14, pp. 22\u201341 (2020). Springer","DOI":"10.1007\/978-3-030-65745-1_2"},{"key":"430_CR4","unstructured":"Phantom \u2013 Crypto & NFT Wallet \u2013 Solana | Ethereum | Polygon. https:\/\/phantom.app\/ (2023)"},{"issue":"1","key":"430_CR39","first-page":"25","volume":"181","author":"S Qaiser","year":"2018","unstructured":"Qaiser, S., Ali, R.: Text mining: use of TF-IDF to examine the relevance of words to documents. Int. J. Comput. Appl. 181(1), 25\u201329 (2018)","journal-title":"Int. J. Comput. Appl."},{"key":"430_CR19","doi-asserted-by":"crossref","unstructured":"Sai, A.R., Buckley, J., Le\u00a0Gear, A.: Privacy and security analysis of cryptocurrency mobile applications. In: 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ), pp. 1\u20136 (2019). IEEE","DOI":"10.1109\/MOBISECSERV.2019.8686583"},{"key":"430_CR40","unstructured":"Selenium. https:\/\/www.selenium.dev\/ (2022)"},{"key":"430_CR9","unstructured":"Security Threat Exposed for Browser-based Crypto Wallets. https:\/\/blockworks.co\/news\/security-threat-exposed-for-browser-based-crypto-wallets (2022)"},{"key":"430_CR36","unstructured":"Security Notice: Extension Disk Encryption Issue. https:\/\/medium.com\/metamask\/security-notice-extension-disk-encryption-issue-d437d4250863 (2022)"},{"key":"430_CR6","unstructured":"Slope Wallet Incident Update. 
8\/2\/2022 https:\/\/solana.com\/news\/8-2-2022-application-wallet-incident\/ (2022)"},{"key":"430_CR26","unstructured":"The Wild Crypto World in 2022: Fraud, Security Breaches & Resilient Builders. https:\/\/www.ledger.com\/blog\/the-wild-crypto-world-in-2022-fraud-security-breaches-resilient-builders (2022)"},{"key":"430_CR10","unstructured":"Trinity Attack Incident Part 1: Summary and next steps. https:\/\/blog.iota.org\/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8\/ (2022)"},{"key":"430_CR34","first-page":"132","volume":"800","author":"MS Turan","year":"2010","unstructured":"Turan, M.S., Barker, E., Burr, W., Chen, L.: Recommendation for password-based key derivation. NIST Spec. Publ. 800, 132 (2010)","journal-title":"NIST Spec. Publ."},{"key":"430_CR15","doi-asserted-by":"crossref","unstructured":"Uddin, M.S., Mannan, M., Youssef, A.: Horus: a security assessment framework for android crypto wallets. In: Security and Privacy in Communication Networks: 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6\u20139, 2021, Proceedings, Part II 17, pp. 120\u2013139 (2021). Springer","DOI":"10.1007\/978-3-030-90022-9_7"},{"key":"430_CR35","first-page":"296","volume":"46","author":"A Visconti","year":"2019","unstructured":"Visconti, A., Mosn\u00e1\u010dek, O., Bro\u017e, M., Maty\u00e1\u0161, V.: Examining pbkdf2 security margin-case study of luks. J. Inf. Secur. Appl. 46, 296\u2013306 (2019)","journal-title":"J. Inf. Secur. Appl."},{"key":"430_CR30","doi-asserted-by":"crossref","unstructured":"Wu, L., Brandt, B., Du, X., Ji, B.: Analysis of clickjacking attacks and an effective defense scheme for android devices. In: 2016 IEEE Conference on Communications and Network Security (CNS), pp. 55\u201363 (2016). IEEE","DOI":"10.1109\/CNS.2016.7860470"},{"key":"430_CR27","unstructured":"Year 2022 in Review - Crypto Wallet Security Incidents. 
https:\/\/www.certik.com\/zh-CN\/resources\/blog\/01iz10lvnaAIcuNZ2zNJqA-2022-year-in-review-crypto-wallet-security-incidents (2023)"},{"key":"430_CR44","doi-asserted-by":"crossref","unstructured":"Zheng, Y., Liu, Y., Xie, X., Liu, Y., Ma, L., Hao, J., Liu, Y.: Automatic web testing using curiosity-driven reinforcement learning. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 423\u2013435 (2021). IEEE","DOI":"10.1109\/ICSE43902.2021.00048"},{"key":"430_CR49","doi-asserted-by":"crossref","unstructured":"Zhao, R., Yue, C., Yi, Q.: Automatic detection of information leakage vulnerabilities in browser extensions. In: Proceedings of the 24th International Conference on World Wide Web, pp. 1384\u20131394 (2015)","DOI":"10.1145\/2736277.2741134"}],"container-title":["Automated Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-024-00430-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10515-024-00430-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-024-00430-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,29]],"date-time":"2024-04-29T13:25:46Z","timestamp":1714397146000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10515-024-00430-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,31]]},"references-count":53,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,5]]}},"alternative-id":["430"],"URL":"https:\/\/doi.org\/10.1007\/s10515-024-00430-3","relation":{},"ISSN":["0928-8910","1573-7535"],"issn-type":[{"value":"0928-8910","type":"print"},{"value":"1573-7535","
type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,31]]},"assertion":[{"value":"29 December 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 March 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 March 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflict of interest to declare that is relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable since there are no human and\/or animal studies included in this paper.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}],"article-number":"32"}}