Related papers: Web-based Cryptojacking in the Wild
Web-based chatbots provide website owners with the benefits of increased sales, immediate response to their customers, and insight into customer behaviour. While Web-based chatbots are getting popular, they have not received much scrutiny…
Fileless malware and cryptojacking attacks have appeared independently as the new alarming threats in 2017. After 2020, fileless attacks have been devastating for victim organizations with low-observable characteristics. Also, the amount of…
Recent works showed that it is feasible to hijack resources on cloud platforms. In such hijacks, attackers can take over released resources that belong to legitimate organizations. It was proposed that adversaries could abuse these…
Blockchain gaming is an emerging entertainment paradigm. However, blockchain games are still suffering from security issues, due to the immature blockchain technologies and its unsophisticated developers. In this work, we analyzed the…
Throughout recent years, the importance of internet-privacy has continuously risen. [...] Browser fingerprinting is a technique that does not require cookies or persistent identifiers. It derives a sufficiently unique identifier from the…
Although the use of pay-per-click mechanisms stimulates the prosperity of the mobile advertisement network, fraudulent ad clicks result in huge financial losses for advertisers. Extensive studies identify click fraud according to…
Modern websites heavily rely on JavaScript (JS) to implement legitimate functionality as well as privacy-invasive advertising and tracking. Browser extensions such as NoScript block any script not loaded by a trusted list of endpoints, thus…
Mining is the important part of the blockchain used the proof of work (PoW) on its consensus, looking for the matching block through testing a number of hash calculations. In order to attract more hash computing power, the miner who finds…
Open proxies forward traffic on behalf of any Internet user. Listed on open proxy aggregator sites, they are often used to bypass geographic region restrictions or circumvent censorship. Open proxies sometimes also provide a weak form of…
Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be…
The widespread usage of password authentication in online websites leads to an ever-increasing concern, especially when considering the possibility for an attacker to recover the user password by leveraging the loopholes in the password…
The large-scale deployment of modern phishing attacks relies on the automatic exploitation of vulnerable websites in the wild, to maximize profit while hindering attack traceability, detection and blacklisting. To the best of our knowledge,…
The decentralization, redundancy, and pseudo-anonymity features have made permission-less public blockchain platforms attractive for adoption as technology platforms for cryptocurrencies. However, such adoption has enabled cybercriminals to…
The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms, necessitating a proactive approach to identify and modernize cryptographic code. Identifying these…
Nowadays online searches are undeniably the most common form of information gathering, as witnessed by billions of clicks generated each day on search engines. In this work we describe online searches as foraging processes that take place…
Websites use third-party ads and tracking services to deliver targeted ads and collect information about users that visit them. These services put users' privacy at risk, and that is why users' demand for blocking these services is growing.…
This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains…
With the emergence of remote code execution (RCE) vulnerabilities in ubiquitous libraries and advanced social engineering techniques, threat actors have started conducting widespread fileless cryptojacking attacks. These attacks have become…
Cybersquatting refers to the practice where attackers register a domain name similar to a legitimate one to confuse users for illegal gains. With the growth of the Non-Fungible Token (NFT) ecosystem, there are indications that…
Web applications are becoming truly pervasive in all kinds of business models and organizations. Today, most critical systems such as those related to health care, banking, or even emergency response, are relying on these applications. They…