{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,29]],"date-time":"2025-11-29T16:24:34Z","timestamp":1764433474288,"version":"3.41.0"},"reference-count":93,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2022,12,1]],"date-time":"2022-12-01T00:00:00Z","timestamp":1669852800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Singapore Ministry of Education Academic Research Fund Tier 3","award":["MOE?s official grant number MOE2017-T3-1-007"],"award-info":[{"award-number":["MOE?s official grant number MOE2017-T3-1-007"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:p>Due to the surging popularity of various cryptocurrencies in recent years, a large number of browser extensions have been developed as portals to access relevant services, such as cryptocurrency exchanges and wallets. This has stimulated a wild growth of cryptocurrency themed malicious extensions that cause heavy financial losses to the users and legitimate service providers. They have shown their capability of evading the stringent vetting processes of the extension stores, highlighting a lack of understanding of this emerging type of malware in our community. In this work, we conduct the first systematic study to identify and characterize cryptocurrency-themed malicious extensions. We monitor seven official and third-party extension distribution venues for 18 months (December 2020 to June 2022) and have collected around 3600 unique cryptocurrency-themed extensions. Leveraging a hybrid analysis, we have identified 186 malicious extensions that belong to five categories. We then characterize those extensions from various perspectives including their distribution channels, life cycles, developers, illicit behaviors, and illegal gains. Our work unveils the status quo of the cryptocurrency-themed malicious extensions and reveals their disguises and programmatic features on which detection techniques can be based. Our work serves as a warning to extension users, and an appeal to extension store operators to enact dedicated countermeasures. To facilitate future research in this area, we release our dataset of the identified malicious extensions and open-source our analyzer.<\/jats:p>","DOI":"10.1145\/3570603","type":"journal-article","created":{"date-parts":[[2022,12,8]],"date-time":"2022-12-08T20:20:10Z","timestamp":1670530810000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["Characterizing Cryptocurrency-themed Malicious Browser Extensions"],"prefix":"10.1145","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3977-6573","authenticated-orcid":false,"given":"Kailong","family":"Wang","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology &amp; National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0887-7563","authenticated-orcid":false,"given":"Yuxi","family":"Ling","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5611-3483","authenticated-orcid":false,"given":"Yanjun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Deakin University, Geelong, VIC, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5663-9178","authenticated-orcid":false,"given":"Zhou","family":"Yu","sequence":"additional","affiliation":[{"name":"Beijing University of Posts and Telecommunications, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Brisbane, QLD, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4446-1100","authenticated-orcid":false,"given":"Beng Chin","family":"Ooi","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6512-8326","authenticated-orcid":false,"given":"Jin Song","family":"Dong","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,12,8]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"AdBlock. 2009. https:\/\/getadblock.com. (2009).  AdBlock. 2009. https:\/\/getadblock.com. (2009)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_2_1","unstructured":"Add-on Policies. Visited in July 2022 . https:\/\/extensionworkshop.com\/documentation\/publish\/add-on-policies. ( Visited in July 2022). Add-on Policies. Visited in July 2022. https:\/\/extensionworkshop.com\/documentation\/publish\/add-on-policies. ( Visited in July 2022)."},{"key":"e_1_2_1_3_1","volume-title":"Visited","author":"Checker Address","year":"2022","unstructured":"Address Checker . Visited in July 2022 . http:\/\/addresschecker.eu. ( Visited in July 2022). Address Checker. Visited in July 2022. http:\/\/addresschecker.eu. ( Visited in July 2022)."},{"key":"e_1_2_1_4_1","volume-title":"Visited","author":"Distribution Options Alternative Extension","year":"2022","unstructured":"Alternative Extension Distribution Options . Visited in July 2022 . https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/external_extensions. ( Visited in July 2022). Alternative Extension Distribution Options. Visited in July 2022. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/external_extensions. ( Visited in July 2022)."},{"key":"e_1_2_1_5_1","volume-title":"Visited","author":"Explorer AST","year":"2022","unstructured":"AST Explorer . Visited in July 2022 . https:\/\/astexplorer.net. ( Visited in July 2022). AST Explorer. Visited in July 2022. https:\/\/astexplorer.net. ( Visited in July 2022)."},{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Atzei Nicola and Bartoletti Massimo and Cimoli Tiziana. 2017. A Survey of Attacks on Ethereum Smart Contracts SoK. In POST. 164--186.  Atzei Nicola and Bartoletti Massimo and Cimoli Tiziana. 2017. A Survey of Attacks on Ethereum Smart Contracts SoK. In POST. 164--186.","DOI":"10.1007\/978-3-662-54455-6_8"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1995376.1995398"},{"key":"e_1_2_1_8_1","volume-title":"Paul C. and Somayaji, Anil.","author":"Kayacik David","year":"2010","unstructured":"Barrera, David and Kayacik , H . G\u00fcnecs and van Oorschot , Paul C. and Somayaji, Anil. 2010 . A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android. In CCS. 73--84. Barrera, David and Kayacik, H. G\u00fcnecs and van Oorschot, Paul C. and Somayaji, Anil. 2010. A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android. In CCS. 73--84."},{"key":"e_1_2_1_9_1","volume-title":"Visited","author":"Database Bitcoin Abuse","year":"2022","unstructured":"Bitcoin Abuse Database . Visited in July 2022 . https:\/\/www.bitcoinabuse.com. ( Visited in July 2022). Bitcoin Abuse Database. Visited in July 2022. https:\/\/www.bitcoinabuse.com. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_10_1","unstructured":"BlockCypher. Visited in July 2022 . https:\/\/www.blockcypher.com. ( Visited in July 2022). BlockCypher. Visited in July 2022. https:\/\/www.blockcypher.com. ( Visited in July 2022)."},{"key":"e_1_2_1_11_1","volume-title":"Visited","author":"Share Worldwide Browser Market","year":"2022","unstructured":"Browser Market Share Worldwide . Visited in July 2022 . https:\/\/gs.statcounter.com\/browser-market-share. ( Visited in July 2022). Browser Market Share Worldwide. Visited in July 2022. https:\/\/gs.statcounter.com\/browser-market-share. ( Visited in July 2022)."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2021.02.016"},{"key":"e_1_2_1_13_1","volume-title":"Xiaosong.","author":"Li Ting","year":"2020","unstructured":"Chen, Ting and Li , Zihao and Zhu , Yuxiao and Chen , Jiachi and Luo , Xiapu and Lui , John Chi-Shing and Lin, Xiaodong and Zhang , Xiaosong. 2020 . Understanding Ethereum via Graph Analysis. ACM Trans. Internet Technol . , Vol. 20 (2020). Chen, Ting and Li, Zihao and Zhu, Yuxiao and Chen, Jiachi and Luo, Xiapu and Lui, John Chi-Shing and Lin, Xiaodong and Zhang, Xiaosong. 2020. Understanding Ethereum via Graph Analysis. ACM Trans. Internet Technol. , Vol. 20 (2020)."},{"volume-title":"Understanding Ethereum via Graph Analysis","author":"Zhu Ting","key":"e_1_2_1_14_1","unstructured":"Chen, Ting and Zhu , Yuxiao and Li , Zihao and Chen , Jiachi and Li , Xiaoqi and Luo , Xiapu and Lin , Xiaodong and Zhange , Xiaosong. 2018. Understanding Ethereum via Graph Analysis . In IEEE INFOCOM. 1484--1492. Chen, Ting and Zhu, Yuxiao and Li, Zihao and Chen, Jiachi and Li, Xiaoqi and Luo, Xiapu and Lin, Xiaodong and Zhange, Xiaosong. 2018. Understanding Ethereum via Graph Analysis. In IEEE INFOCOM. 1484--1492."},{"volume-title":"Market Manipulation of Bitcoin: Evidence from Mining the Mt. Gox Transaction Network","author":"Wu Weili","key":"e_1_2_1_15_1","unstructured":"Chen, Weili and Wu , Jun and Zheng , Zibin and Chen , Chuan and Zhou , Yuren. 2019. Market Manipulation of Bitcoin: Evidence from Mining the Mt. Gox Transaction Network . In IEEE INFOCOM. 964--972. Chen, Weili and Wu, Jun and Zheng, Zibin and Chen, Chuan and Zhou, Yuren. 2019. Market Manipulation of Bitcoin: Evidence from Mining the Mt. Gox Transaction Network. In IEEE INFOCOM. 964--972."},{"key":"e_1_2_1_16_1","volume-title":"Jing.","author":"Xu Weili","year":"2019","unstructured":"Chen, Weili and Xu , YueJin and Zheng , Zibin and Zhou , Yuren and Yang , Jianxun Eileen and Bian , Jing. 2019 . Detecting \"Pump Dump Schemes\" on Cryptocurrency Market Using An Improved Apriori Algorithm. In SOSE. 293--2935. Chen, Weili and Xu, YueJin and Zheng, Zibin and Zhou, Yuren and Yang, Jianxun Eileen and Bian, Jing. 2019. Detecting \"Pump Dump Schemes\" on Cryptocurrency Market Using An Improved Apriori Algorithm. In SOSE. 293--2935."},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Chen Weili and Zheng Zibin and Cui Jiahui and Ngai Edith and Zheng Peilin and Zhou Yuren. 2018. Detecting Ponzi Schemes on Ethereum: Towards Healthier Blockchain Technology. In WWW. 1409--1418.  Chen Weili and Zheng Zibin and Cui Jiahui and Ngai Edith and Zheng Peilin and Zhou Yuren. 2018. Detecting Ponzi Schemes on Ethereum: Towards Healthier Blockchain Technology. In WWW. 1409--1418.","DOI":"10.1145\/3178876.3186046"},{"key":"e_1_2_1_18_1","unstructured":"CipherTrace. 2020. Cryptocurrency Crime and Anti-Money Laundering Report. https:\/\/ciphertrace.com\/2020-year-end-cryptocurrency-crime-and-anti-money-laundering-report. (2020).  CipherTrace. 2020. Cryptocurrency Crime and Anti-Money Laundering Report. https:\/\/ciphertrace.com\/2020-year-end-cryptocurrency-crime-and-anti-money-laundering-report. (2020)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_19_1","unstructured":"Coin98 Wallet. Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/coin98-wallet\/aeachknmefphepccionboohckonoeemg. ( Visited in July 2022). Coin98 Wallet. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/coin98-wallet\/aeachknmefphepccionboohckonoeemg. ( Visited in July 2022)."},{"key":"e_1_2_1_20_1","unstructured":"Coinbase. 2021. Coinbase Wallet introduces new browser extension. https:\/\/blog.coinbase.com\/coinbase-wallet-introduces-new-browser-extension-dd067403b86. (2021).  Coinbase. 2021. Coinbase Wallet introduces new browser extension. https:\/\/blog.coinbase.com\/coinbase-wallet-introduces-new-browser-extension-dd067403b86. (2021)."},{"key":"e_1_2_1_21_1","volume-title":"Visited","author":"Extension Coinbase Exchange","year":"2022","unstructured":"Coinbase Exchange Extension . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/coinbase-wallet-extension\/hnfanknocfeofbddgcijnmhnfnkdnaad. ( Visited in July 2022). Coinbase Exchange Extension. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/coinbase-wallet-extension\/hnfanknocfeofbddgcijnmhnfnkdnaad. ( Visited in July 2022)."},{"key":"e_1_2_1_22_1","volume-title":"Visited","author":"Coinbase Wallet","year":"2022","unstructured":"Coinbase Wallet extension. Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/coinbase-wallet-extension\/hnfanknocfeofbddgcijnmhnfnkdnaad. ( Visited in July 2022). Coinbase Wallet extension. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/coinbase-wallet-extension\/hnfanknocfeofbddgcijnmhnfnkdnaad. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_23_1","unstructured":"CoinMarketCap. Visited in July 2022 a. https:\/\/coinmarketcap.com\/rankings\/exchanges. ( Visited in July 2022). CoinMarketCap. Visited in July 2022a. https:\/\/coinmarketcap.com\/rankings\/exchanges. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_24_1","unstructured":"CoinMarketCap. Visited in July 2022 b. https:\/\/coinmarketcap.com. ( Visited in July 2022). CoinMarketCap. Visited in July 2022b. https:\/\/coinmarketcap.com. ( Visited in July 2022)."},{"key":"e_1_2_1_25_1","volume-title":"Visited","author":"Compare","year":"2022","unstructured":"Compare cryptocurrency wallets. Visited in July 2022 . https:\/\/www.finder.com.au\/view-cryptocurrency-wallets. ( Visited in July 2022). Compare cryptocurrency wallets. Visited in July 2022. https:\/\/www.finder.com.au\/view-cryptocurrency-wallets. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_26_1","unstructured":"Crx4Chrome. Visited in July 2022 . https:\/\/www.crx4chrome.com. ( Visited in July 2022). Crx4Chrome. Visited in July 2022. https:\/\/www.crx4chrome.com. ( Visited in July 2022)."},{"key":"e_1_2_1_27_1","volume-title":"Visited","author":"Tracker Crypto Price","year":"2022","unstructured":"Crypto Price Tracker . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/crypto-price-tracker\/fpkhlnacfhciopipcjpcjmkpldbogaeo. ( Visited in July 2022). Crypto Price Tracker. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/crypto-price-tracker\/fpkhlnacfhciopipcjpcjmkpldbogaeo. ( Visited in July 2022)."},{"key":"e_1_2_1_28_1","volume-title":"Visited","author":"DB.","year":"2022","unstructured":"CryptoScam DB. Visited in July 2022 . https:\/\/cryptoscamdb.org. ( Visited in July 2022). CryptoScamDB. Visited in July 2022. https:\/\/cryptoscamdb.org. ( Visited in July 2022)."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10723-020-09510-6"},{"key":"e_1_2_1_30_1","unstructured":"Louis F. DeKoven Stefan Savage Geoffrey M. Voelker and Nektarios Leontiadis. 2017. Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser. In CSET.  Louis F. DeKoven Stefan Savage Geoffrey M. Voelker and Nektarios Leontiadis. 2017. Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser. In CSET."},{"key":"e_1_2_1_31_1","volume-title":"The language of peer review reports on articles published in the BMJ","author":"Delgado Alberto Falk","year":"2014","unstructured":"Alberto Falk Delgado , Gregory Garretson , and Anna Falk Delgado . 2019. The language of peer review reports on articles published in the BMJ , 2014 --2017: an observational study. Scientometrics ( 2019), 1225--1235. Alberto Falk Delgado, Gregory Garretson, and Anna Falk Delgado. 2019. The language of peer review reports on articles published in the BMJ, 2014--2017: an observational study. Scientometrics (2019), 1225--1235."},{"key":"e_1_2_1_32_1","volume-title":"Visited","author":"Policies Developer Program","year":"2022","unstructured":"Developer Program Policies . Visited in July 2022 . https:\/\/developer.chrome.com\/docs\/webstore\/program_policies. ( Visited in July 2022). Developer Program Policies. Visited in July 2022. https:\/\/developer.chrome.com\/docs\/webstore\/program_policies. ( Visited in July 2022)."},{"key":"e_1_2_1_33_1","volume-title":"Visited","author":"State Domain","year":"2022","unstructured":"Domain State . Visited in July 2022 . https:\/\/www.domainstate.com. ( Visited in July 2022). Domain State. Visited in July 2022. https:\/\/www.domainstate.com. ( Visited in July 2022)."},{"key":"e_1_2_1_34_1","unstructured":"Kun Du Hao Yang Zhou Li Haixin Duan and Kehuan Zhang. 2016. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO. In USENIX Security. 245--262.  Kun Du Hao Yang Zhou Li Haixin Duan and Kehuan Zhang. 2016. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO. In USENIX Security. 245--262."},{"key":"e_1_2_1_35_1","volume-title":"Visited","author":"Wallet EQUAL","year":"2022","unstructured":"EQUAL Wallet . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/equal-wallet\/blnieiiffboillknjnepogjhkgnoapac. ( Visited in July 2022). EQUAL Wallet. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/equal-wallet\/blnieiiffboillknjnepogjhkgnoapac. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_36_1","unstructured":"Esprima. Visited in July 2022 . https:\/\/esprima.org. ( Visited in July 2022). Esprima. Visited in July 2022. https:\/\/esprima.org. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_37_1","unstructured":"Etherscan. Visited in July 2022 . https:\/\/etherscan.io. ( Visited in July 2022). Etherscan. Visited in July 2022. https:\/\/etherscan.io. ( Visited in July 2022)."},{"key":"e_1_2_1_38_1","unstructured":"Europol Spotlight - Cryptocurrencies - Tracing the evolution of criminal finances. 2021. https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/digital-gold-rush-debunking-common-myths-criminal-use-of-cryptocurrencies. (2021).  Europol Spotlight - Cryptocurrencies - Tracing the evolution of criminal finances. 2021. https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/digital-gold-rush-debunking-common-myths-criminal-use-of-cryptocurrencies. (2021)."},{"key":"e_1_2_1_39_1","unstructured":"ExtAnalysis. 2019. https:\/\/github.com\/Tuhinshubhra\/ExtAnalysis. (2019).  ExtAnalysis. 2019. https:\/\/github.com\/Tuhinshubhra\/ExtAnalysis. (2019)."},{"key":"e_1_2_1_40_1","volume-title":"Visited","author":"Dataset Extension","year":"2022","unstructured":"Extension Dataset . Visited in July 2022 . https:\/\/github.com\/browserExtension057\/Cryptocurrency-extensions. ( Visited in July 2022). Extension Dataset. Visited in July 2022. https:\/\/github.com\/browserExtension057\/Cryptocurrency-extensions. ( Visited in July 2022)."},{"key":"e_1_2_1_41_1","volume-title":"Visited","author":"Deltas Extension","year":"2022","unstructured":"Extension Deltas . Visited in July 2022 . https:\/\/github.com\/wspr-ncsu\/extensiondeltas. ( Visited in July 2022). Extension Deltas. Visited in July 2022. https:\/\/github.com\/wspr-ncsu\/extensiondeltas. ( Visited in July 2022)."},{"key":"e_1_2_1_42_1","unstructured":"Fake Ledger Chrome Extension Crypto Scam May Have Stolen Up to $2.5M. 2020. https:\/\/www.financemagnates.com\/cryptocurrency\/news\/fake-ledger-chrome-extension-crypto-scam-may-have-stolen-up-to-2--5m. (2020).  Fake Ledger Chrome Extension Crypto Scam May Have Stolen Up to $2.5M. 2020. https:\/\/www.financemagnates.com\/cryptocurrency\/news\/fake-ledger-chrome-extension-crypto-scam-may-have-stolen-up-to-2--5m. (2020)."},{"key":"e_1_2_1_43_1","unstructured":"Adrienne Porter Felt Kate Greenwood and David Wagner. 2011. The Effectiveness of Application Permissions. In USENIX WebApps. 7.  Adrienne Porter Felt Kate Greenwood and David Wagner. 2011. The Effectiveness of Application Permissions. In USENIX WebApps. 7."},{"key":"e_1_2_1_44_1","volume-title":"Pinar Ozisik and Gavin Andresen and Amir Houmansadr","author":"Bissias George","year":"2016","unstructured":"George Bissias and Brian Neil Levine and A. Pinar Ozisik and Gavin Andresen and Amir Houmansadr . 2016 . An Analysis of Attacks on Blockchain Consensus. CoRR ( 2016). George Bissias and Brian Neil Levine and A. Pinar Ozisik and Gavin Andresen and Amir Houmansadr. 2016. An Analysis of Attacks on Blockchain Consensus. CoRR (2016)."},{"key":"e_1_2_1_45_1","unstructured":"Google is banning all cryptomining extensions from its Chrome Web Store. 2020. https:\/\/techcrunch.com\/2018\/04\/02\/google-is-banning-all-cryptomining-extensions-from-its-chrome-web-store. (2020).  Google is banning all cryptomining extensions from its Chrome Web Store. 2020. https:\/\/techcrunch.com\/2018\/04\/02\/google-is-banning-all-cryptomining-extensions-from-its-chrome-web-store. (2020)."},{"key":"e_1_2_1_46_1","unstructured":"Google Removes 49 Phishing Extensions That Steal Cryptocurrency Data. 2020. https:\/\/cointelegraph.com\/news\/google-removes-49-phishing-extensions-that-steal-cryptocurrency-data. (2020).  Google Removes 49 Phishing Extensions That Steal Cryptocurrency Data. 2020. https:\/\/cointelegraph.com\/news\/google-removes-49-phishing-extensions-that-steal-cryptocurrency-data. (2020)."},{"key":"e_1_2_1_47_1","volume-title":"Visited","author":"App Guge","year":"2022","unstructured":"Guge App . Visited in July 2022 . https:\/\/www.gugeapps.net. ( Visited in July 2022). Guge App. Visited in July 2022. https:\/\/www.gugeapps.net. ( Visited in July 2022)."},{"volume-title":"Verified Security for Browser Extensions","author":"Fredrikson Arjun","key":"e_1_2_1_48_1","unstructured":"Guha, Arjun and Fredrikson , Matthew and Livshits , Benjamin and Swamy , Nikhil. 2011. Verified Security for Browser Extensions . In IEEE S &P. 115--130. Guha, Arjun and Fredrikson, Matthew and Livshits, Benjamin and Swamy, Nikhil. 2011. Verified Security for Browser Extensions. In IEEE S&P. 115--130."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_49_1","unstructured":"Haoyong. Visited in July 2022 . https:\/\/www.chrome666.com. ( Visited in July 2022). Haoyong. Visited in July 2022. https:\/\/www.chrome666.com. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_50_1","unstructured":"Harry. Visited in July 2022 . https:\/\/medium.com\/mycrypto\/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9. ( Visited in July 2022). Harry. Visited in July 2022. https:\/\/medium.com\/mycrypto\/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9. ( Visited in July 2022)."},{"key":"e_1_2_1_51_1","volume-title":"Visited","author":"Market Huobi","year":"2022","unstructured":"Huobi Market . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/lgeilhhjnhcjlmlohhlpedhgddddgebh. ( Visited in July 2022). Huobi Market. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/lgeilhhjnhcjlmlohhlpedhgddddgebh. ( Visited in July 2022)."},{"key":"e_1_2_1_52_1","first-page":"641","article-title":"Hulk","volume":"14","author":"Kapravelos Alexandros","year":"2014","unstructured":"Alexandros Kapravelos , Chris Grier , Neha Chachra , Christopher Kruegel , Giovanni Vigna , and Vern Paxson . 2014 . Hulk : Eliciting Malicious Behavior in Browser Extensions. In USENIX Security 14. 641 -- 654 . Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting Malicious Behavior in Browser Extensions. In USENIX Security 14. 641--654.","journal-title":"Eliciting Malicious Behavior in Browser Extensions. In USENIX Security"},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_53_1","unstructured":"keraf. Visited in July 2022 . : https:\/\/github.com\/keraf\/NoCoin\/blob\/master\/src\/blacklist.txt. ( Visited in July 2022). keraf. Visited in July 2022. : https:\/\/github.com\/keraf\/NoCoin\/blob\/master\/src\/blacklist.txt. ( Visited in July 2022)."},{"key":"e_1_2_1_54_1","volume-title":"Visited","author":"Market Dogecoin Price","year":"2022","unstructured":"KuCoin:Bitcoin, Dogecoin Price Market . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/kucoinbitcoindogecoin-pri\/nalaeminfbmmidadoaegigajbapfajgi. ( Visited in July 2022). KuCoin:Bitcoin,Dogecoin Price Market. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/kucoinbitcoindogecoin-pri\/nalaeminfbmmidadoaegigajbapfajgi. ( Visited in July 2022)."},{"key":"e_1_2_1_55_1","unstructured":"LastPass. 2008. https:\/\/www.lastpass.com. (2008).  LastPass. 2008. https:\/\/www.lastpass.com. (2008)."},{"key":"e_1_2_1_56_1","unstructured":"Seunghyeon Lee Changhoon Yoon Heedo Kang Yeonkeun Kim Yongdae Kim Dongsu Han Sooel Son and Seungwon Shin. 2019. Cybercriminal minds: an investigative study of cryptocurrency abuses in the dark web. In NDSS. 1--15.  Seunghyeon Lee Changhoon Yoon Heedo Kang Yeonkeun Kim Yongdae Kim Dongsu Han Sooel Son and Seungwon Shin. 2019. Cybercriminal minds: an investigative study of cryptocurrency abuses in the dark web. In NDSS. 1--15."},{"key":"e_1_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Yuxi Ling Kailong Wang Guangdong Bai Haoyu Wang and Jin Song Dong. 2022. Are They Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions. In ASE.  Yuxi Ling Kailong Wang Guangdong Bai Haoyu Wang and Jin Song Dong. 2022. Are They Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions. In ASE.","DOI":"10.1145\/3551349.3560436"},{"key":"e_1_2_1_58_1","volume-title":"Visited","author":"Malware","year":"2022","unstructured":"Malware and unwanted software. Visited in July 2022 . https:\/\/developers.google.com\/search\/docs\/advanced\/security\/malware. ( Visited in July 2022). Malware and unwanted software. Visited in July 2022. https:\/\/developers.google.com\/search\/docs\/advanced\/security\/malware. ( Visited in July 2022)."},{"key":"e_1_2_1_59_1","volume-title":"Data mining for detecting Bitcoin Ponzi schemes. CVCBT","author":"Bartoletti Massimo","year":"2018","unstructured":"Massimo Bartoletti and Barbara Pes and Sergio Serusi . 2018. Data mining for detecting Bitcoin Ponzi schemes. CVCBT ( 2018 ). Massimo Bartoletti and Barbara Pes and Sergio Serusi. 2018. Data mining for detecting Bitcoin Ponzi schemes. CVCBT (2018)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_60_1","unstructured":"Metamask. Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/metamask\/nkbihfbeogaeaoehlefnkodbefgpgknn. ( Visited in July 2022). Metamask. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/metamask\/nkbihfbeogaeaoehlefnkodbefgpgknn. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_61_1","unstructured":"minerBlock. Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/minerblock\/emikbbbebcdfohonlaifafnoanocnebl. ( Visited in July 2022). minerBlock. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/minerblock\/emikbbbebcdfohonlaifafnoanocnebl. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_62_1","unstructured":"mitmproxy. Visited in July 2022 . https:\/\/mitmproxy.org. ( Visited in July 2022). mitmproxy. Visited in July 2022. https:\/\/mitmproxy.org. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_63_1","unstructured":"MonkeyLearn. Visited in July 2022 . https:\/\/monkeylearn.com\/sentiment-analysis. ( Visited in July 2022). MonkeyLearn. Visited in July 2022. https:\/\/monkeylearn.com\/sentiment-analysis. ( Visited in July 2022)."},{"key":"e_1_2_1_64_1","volume-title":"Visited","author":"Wallet Nami","year":"2022","unstructured":"Nami Wallet . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/nami-wallet\/lpfcbjknijpeeillifnkikgncikgfhdo. ( Visited in July 2022). Nami Wallet. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/nami-wallet\/lpfcbjknijpeeillifnkikgncikgfhdo. ( Visited in July 2022)."},{"key":"e_1_2_1_65_1","unstructured":"Nav Jagpal and Eric Dingle and Jean-Philippe Gravel and Panayiotis Mavrommatis and Niels Provos and Moheeb Abu Rajab and Kurt Thomas. 2015. Trends and Lessons from Three Years Fighting Malicious Extensions. In USENIX Security. 579--593.  Nav Jagpal and Eric Dingle and Jean-Philippe Gravel and Panayiotis Mavrommatis and Niels Provos and Moheeb Abu Rajab and Kurt Thomas. 2015. Trends and Lessons from Three Years Fighting Malicious Extensions. In USENIX Security. 579--593."},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmoneco.2017.12.004"},{"key":"e_1_2_1_67_1","doi-asserted-by":"crossref","unstructured":"Kaan Onarlioglu Mustafa Battal William Robertson and Engin Kirda. 2013. Securing Legacy Firefox Extensions with SENTINEL (DIMVA ). 122--138.  Kaan Onarlioglu Mustafa Battal William Robertson and Engin Kirda. 2013. Securing Legacy Firefox Extensions with SENTINEL (DIMVA ). 122--138.","DOI":"10.1007\/978-3-642-39235-1_7"},{"key":"e_1_2_1_68_1","volume-title":"Visited","author":"Strategy Multiclass","year":"2022","unstructured":"One-vs-the-rest (OvR) Multiclass Strategy . Visited in July 2022 . https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.multiclass.OneVsRestClassifier.html. ( Visited in July 2022). One-vs-the-rest (OvR) Multiclass Strategy. Visited in July 2022. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.multiclass.OneVsRestClassifier.html. ( Visited in July 2022)."},{"key":"e_1_2_1_69_1","doi-asserted-by":"crossref","unstructured":"Nikolaos Pantelaios Nick Nikiforakis and Alexandros Kapravelos. 2020. You've Changed: Detecting Malicious Browser Extensions through Their Update Deltas. In CCS. 477--491.  Nikolaos Pantelaios Nick Nikiforakis and Alexandros Kapravelos. 2020. You've Changed: Detecting Malicious Browser Extensions through Their Update Deltas. In CCS. 477--491.","DOI":"10.1145\/3372297.3423343"},{"key":"e_1_2_1_70_1","volume-title":"Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites. CoRR","author":"Phillips Ross","year":"2020","unstructured":"Ross Phillips and Heidi Wilder . 2020. Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites. CoRR ( 2020 ). Ross Phillips and Heidi Wilder. 2020. Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites. CoRR (2020)."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.06.005"},{"key":"e_1_2_1_72_1","volume-title":"Visited","author":"Share","year":"2022","unstructured":"Share of respondents who indicated they either owned or used cryptocurrencies in 55 countries worldwide in 2020. Visited in July 2022 . https:\/\/www.statista.com\/statistics\/1202468\/global-cryptocurrency-ownership. ( Visited in July 2022). Share of respondents who indicated they either owned or used cryptocurrencies in 55 countries worldwide in 2020. Visited in July 2022. https:\/\/www.statista.com\/statistics\/1202468\/global-cryptocurrency-ownership. ( Visited in July 2022)."},{"volume-title":"EmPoWeb: Empowering Web Applications with Browser Extensions","author":"Som\u00e9 Doli\u00e8re Francis","key":"e_1_2_1_73_1","unstructured":"Doli\u00e8re Francis Som\u00e9 . 2019. EmPoWeb: Empowering Web Applications with Browser Extensions . In IEEE S &P. 227--245. Doli\u00e8re Francis Som\u00e9. 2019. EmPoWeb: Empowering Web Applications with Browser Extensions. In IEEE S&P. 227--245."},{"key":"e_1_2_1_74_1","volume-title":"Visited","author":"Wallet Stargazer","year":"2022","unstructured":"Stargazer Wallet . Visited in July 2022 . https:\/\/chrome.google.com\/webstore\/detail\/stargazer-wallet\/pgiaagfkgcbnmiiolekcfmljdagdhlcm. ( Visited in July 2022). Stargazer Wallet. Visited in July 2022. https:\/\/chrome.google.com\/webstore\/detail\/stargazer-wallet\/pgiaagfkgcbnmiiolekcfmljdagdhlcm. ( Visited in July 2022)."},{"volume-title":"The Most Dangerous Code in the Browser","author":"Heule Stefan","key":"e_1_2_1_75_1","unstructured":"Stefan Heule and Devon Rifkin and Alejandro Russo and Deian Stefan . 2015. The Most Dangerous Code in the Browser . In HotOS XV. USENIX Association . Stefan Heule and Devon Rifkin and Alejandro Russo and Deian Stefan. 2015. The Most Dangerous Code in the Browser. In HotOS XV. USENIX Association."},{"key":"e_1_2_1_76_1","first-page":"227","article-title":"Explaining odds ratios","volume":"19","author":"Szumilas Magdalena","year":"2010","unstructured":"Magdalena Szumilas . 2010 . Explaining odds ratios . Journal of the Canadian academy of child and adolescent psychiatry , Vol. 19 , 3 (2010), 227 . Magdalena Szumilas. 2010. Explaining odds ratios. Journal of the Canadian academy of child and adolescent psychiatry, Vol. 19, 3 (2010), 227.","journal-title":"Journal of the Canadian academy of child and adolescent psychiatry"},{"key":"e_1_2_1_77_1","unstructured":"Tab Wrangler. 2010. https:\/\/github.com\/tabwrangler\/tabwrangler. (2010).  Tab Wrangler. 2010. https:\/\/github.com\/tabwrangler\/tabwrangler. (2010)."},{"key":"e_1_2_1_78_1","unstructured":"Ted Knutson. 2022. Crypto Increasingly Used In Human\/Drug Trafficking Says GAO. https:\/\/www.forbes.com\/sites\/tedknutson\/2022\/01\/10\/crypto-increasingly-used-in-humandrug-trafficking-says-gao\/'sh=7043c1c4637e. (2022).  Ted Knutson. 2022. Crypto Increasingly Used In Human\/Drug Trafficking Says GAO. https:\/\/www.forbes.com\/sites\/tedknutson\/2022\/01\/10\/crypto-increasingly-used-in-humandrug-trafficking-says-gao\/'sh=7043c1c4637e. (2022)."},{"key":"e_1_2_1_79_1","doi-asserted-by":"crossref","unstructured":"Ege Tekiner Abbas Acar A. Selcuk Uluagac Engin Kirda and Ali Aydin Selcuk. 2021. SoK: Cryptojacking Malware. In 2021 IEEE EuroS&P). 120--139.  Ege Tekiner Abbas Acar A. Selcuk Uluagac Engin Kirda and Ali Aydin Selcuk. 2021. SoK: Cryptojacking Malware. In 2021 IEEE EuroS&P). 120--139.","DOI":"10.1109\/EuroSP51992.2021.00019"},{"key":"e_1_2_1_80_1","volume-title":"Jin Soon Lim, and V. N. Venkatakrishnan","author":"Louw Mike Ter","year":"2007","unstructured":"Mike Ter Louw , Jin Soon Lim, and V. N. Venkatakrishnan . 2007 . Extensible Web Browser Security (DIMVA) . 1--19. Mike Ter Louw, Jin Soon Lim, and V. N. Venkatakrishnan. 2007. Extensible Web Browser Security (DIMVA). 1--19."},{"key":"e_1_2_1_81_1","volume-title":"Visited","author":"Project The Selenium","year":"2022","unstructured":"The Selenium Project . Visited in July 2022 . https:\/\/www.selenium.dev. ( Visited in July 2022). The Selenium Project. Visited in July 2022. https:\/\/www.selenium.dev. ( Visited in July 2022)."},{"volume-title":"Ad Injection at Scale: Assessing Deceptive Advertisement Modifications","author":"Thomas Kurt","key":"e_1_2_1_82_1","unstructured":"Kurt Thomas , Elie Bursztein , Chris Grier , Grant Ho , Nav Jagpal , Alexandros Kapravelos , Damon Mccoy , Antonio Nappa , Vern Paxson , Paul Pearce , Niels Provos , and Moheeb Abu Rajab . 2015. Ad Injection at Scale: Assessing Deceptive Advertisement Modifications . In IEEE S &P. 151--167. Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon Mccoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, and Moheeb Abu Rajab. 2015. Ad Injection at Scale: Assessing Deceptive Advertisement Modifications. In IEEE S&P. 151--167."},{"key":"e_1_2_1_83_1","doi-asserted-by":"crossref","unstructured":"Victor Friedhelm and Weintraud Andrea Marie. 2021. Detecting and Quantifying Wash Trading on Decentralized Cryptocurrency Exchanges. In WWW. 23--32.  Victor Friedhelm and Weintraud Andrea Marie. 2021. Detecting and Quantifying Wash Trading on Decentralized Cryptocurrency Exchanges. In WWW. 23--32.","DOI":"10.1145\/3442381.3449824"},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_84_1","unstructured":"VirusTotal. Visited in July 2022 . https:\/\/www.virustotal.com\/gui\/home. ( Visited in July 2022). VirusTotal. Visited in July 2022. https:\/\/www.virustotal.com\/gui\/home. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_85_1","unstructured":"WalletExplorer. Visited in July 2022 a. https:\/\/www.walletexplorer.com. ( Visited in July 2022). WalletExplorer. Visited in July 2022a. https:\/\/www.walletexplorer.com. ( Visited in July 2022)."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_86_1","unstructured":"WalletExplorer. Visited in July 2022 b. https:\/\/oxt.me. ( Visited in July 2022). WalletExplorer. Visited in July 2022b. https:\/\/oxt.me. ( Visited in July 2022)."},{"key":"e_1_2_1_87_1","volume-title":"A combined static and dynamic analysis approach to detect malicious browser extensions. Security and Communication Networks","author":"Wang Yao","year":"2018","unstructured":"Yao Wang , Wandong Cai , Pin Lyu , and Wei Shao . 2018. A combined static and dynamic analysis approach to detect malicious browser extensions. Security and Communication Networks ( 2018 ). Yao Wang, Wandong Cai, Pin Lyu, and Wei Shao. 2018. A combined static and dynamic analysis approach to detect malicious browser extensions. Security and Communication Networks (2018)."},{"key":"e_1_2_1_88_1","volume-title":"Who Are the Phishers? Phishing Scam Detection on Ethereum via Network Embedding","author":"Yuan Jiajing","year":"2020","unstructured":"Wu, Jiajing and Yuan , Qi and Lin , Dan and You , Wei and Chen , Weili and Chen , Chuan and Zheng , Zibin. 2020. Who Are the Phishers? Phishing Scam Detection on Ethereum via Network Embedding . IEEE SMC ( 2020 ), 1--11. Wu, Jiajing and Yuan, Qi and Lin, Dan and You, Wei and Chen, Weili and Chen, Chuan and Zheng, Zibin. 2020. Who Are the Phishers? Phishing Scam Detection on Ethereum via Network Embedding. IEEE SMC (2020), 1--11."},{"volume-title":"Visited","year":"2022","key":"e_1_2_1_89_1","unstructured":"xd4rker. Visited in July 2022 . https:\/\/github.com\/xd4rker\/MinerBlock\/blob\/master\/assets\/filters.txt. ( Visited in July 2022). xd4rker. Visited in July 2022. https:\/\/github.com\/xd4rker\/MinerBlock\/blob\/master\/assets\/filters.txt. ( Visited in July 2022)."},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491051"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime51433.2020.9493255"},{"key":"e_1_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101993"},{"key":"e_1_2_1_93_1","doi-asserted-by":"crossref","unstructured":"Xinyu Xing Wei Meng Byoungyoung Lee Udi Weinsberg Anmol Sheth Roberto Perdisci and Wenke Lee. 2015. Understanding Malvertising Through Ad-Injecting Browser Extensions. In WWW. 1286--1295. io  Xinyu Xing Wei Meng Byoungyoung Lee Udi Weinsberg Anmol Sheth Roberto Perdisci and Wenke Lee. 2015. Understanding Malvertising Through Ad-Injecting Browser Extensions. In WWW. 1286--1295. io","DOI":"10.1145\/2736277.2741630"}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3570603","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3570603","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:17Z","timestamp":1750178777000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3570603"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12]]},"references-count":93,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["10.1145\/3570603"],"URL":"https:\/\/doi.org\/10.1145\/3570603","relation":{},"ISSN":["2476-1249"],"issn-type":[{"type":"electronic","value":"2476-1249"}],"subject":[],"published":{"date-parts":[[2022,12]]},"assertion":[{"value":"2022-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}