암호화폐와 관련된 브라우저 확장 프로그램 목록
1. Overview
최근에 유행하는 멀웨어는 수익성을 가장 중요 시 한다. 과거에는 피해자의 시스템을 아예 무력화시키는 파괴형 멀웨어나, 제작하기 위해 큰 수고가 드는 드라이버로 작성된 멀웨어가 종종 보였지만, 최근에 유포되는 멀웨어는 만들기 쉽고, 탐지되기 어렵고, 철저하게 돈이 되는 정보만 노리고 있다.
이러한 트렌드에 따라, 최근 발견되는 정보 탈취형 멀웨어는 각 브라우저에 설치된 확장 프로그램 중 암호 화폐와 관련된 프로그램의 데이터를 수집하여 사용 중인 지갑 주소, 암호 정보를 탈취한다. 각 확장 프로그램은 고유한 ID 값을 가지며, 이 ID 값과 동일한 이름의 폴더에 관련된 정보를 저장한다.
아래 이미지는 chrome 웹 스토어에 등록된 Yoroi 암호 화폐 프로그램의 ID 값이 ffnbelfdoeiohenkjibnmadjiehjhajb 인 것을 보여준다.
만약 멀웨어에서 암호 화폐 확장 프로그램과 관련된 ID 값 문자열이 발견된다면, 해당 파일이 암호 화폐 정보 탈취 동작을 할 것이라 예상할 수 있다.
2. 확장 프로그램 경로
Windows OS 에서, Chrome 는 일반적으로 C:\Users\{User Name}\AppData\Local\Google\Chrome\User Data\Default\Extensions 경로에 각 확장 프로그램의 ID 이름으로 폴더가 생성된다.
| Google Chrome extension ID | Extension name |
|---|---|
| ffnbelfdoeiohenkjibnmadjiehjhajb | Yoroi |
| ibnejdfjmmkpcnlpebklmnkoeoihofec | TronLink |
| jbdaocneiiinmjbjlgalhcelgbejmnid | Nifty Wallet |
| nkbihfbeogaeaoehlefnkodbefgpgknn | MetaMask |
| afbcbjpbpfadlkmhmclhkeeodmamcflc | Math Wallet |
| hnfanknocfeofbddgcijnmhnfnkdnaad | Coinbase Wallet |
| fhbohimaelbohpjbbldcngcnapndodjp | Binance Wallet |
| odbfpeeihdkbihmopkbjmoonfanlbfcl | Brave Wallet |
| hpglfhgfnhbgpjdenjgmdgoeiappafln | Guarda Wallet |
| blnieiiffboillknjnepogjhkgnoapac | Equall Wallet |
| cjelfplplebdjjenllpjcblmjkfcffne | Jaxx Liberty |
| fihkakfobkmkjojpchpfgcmhfjnmnfpi | BitApp Wallet |
| kncchdigobghenbbaddojjnnaogfppfj | iWallet |
| amkmjjmmflddogmhpjloimipbofnfjih | Wombat |
| fhilaheimglignddkjgofkcbgekhenbh | Oxygen |
| nlbmnnijcnlegkjjpcfjclmcfggfefdm | MEW CX |
| nanjmdknhkinifnkgdcggcfnhdaammmj | GuildWallet |
| nkddgncdjgjfcddamfgcmfnlhccnimig | Saturn Wallet |
| fnjhmkhhmkbjkkabndcnnogagogbneec | Ronin Wallet |
| aiifbnbfobpmeekipheeijimdpnlpgpp | Station Wallet |
| fnnegphlobjdpkhecapkijjdkgcjhkib | Harmony |
| aeachknmefphepccionboohckonoeemg | Coin98 |
| cgeeodpfagjceefieflmdfphplkenlfk | EVER Wallet |
| pdadjkfkgcafgbceimcpbkalnfnepbnk | KardiaChain |
| bfnaelmomeimhlpmgjnjophhpkkoljpa | Phantom |
| fhilaheimglignddkjgofkcbgekhenbh | Oxygen |
| mgffkfbidihjpoaomajlbgchddlicgpn | Pali |
| aodkkagnadcbobfpggfnjeongemjbjca | BoltX |
| kpfopkelmapcoipemfendmdcghnegimn | Liquality |
| hmeobnfnfcmdkdcmlblgagmfpfboieaf | XDEFI |
| lpfcbjknijpeeillifnkikgncikgfhdo | Nami |
| dngmlblcodfobpdpecaadgfbcggfjfnm | MultiversX DeFi |
| jnlgamecbpmbajjfhmmmlhejkemejdma | Braavos |
| dlcobpjiigpikoobohmabehhmhfoodbb | Argent X |
| jgaaimajipbpdogpdglhaphldakikgef | Coinhub |
| fcfcfllfndlomdhbehjjcoimbgofdncg | Leap Cosmos Wallet |
| lgmpcpglpngdoalbgeoldeajfclnhafa | SafePal |
| hdokiejnpimakedhajhdlcegeplioahd | LastPass |
| abogmiocnneedmmepnohnhlijcjpcifd | Blade |
| pioclpoplcdbaefihamjohnefbikjilc | Evernote Web Clipper |
| dngmlblcodfobpdpecaadgfbcggfjfnm | MultiversX Wallet |
| kppfdiipphfccemcignhifpjkapfbihd | Frontier Wallet |
| mmmjbcfofconkannjonfmjjajpllddbg | Fluvi Wallet |
| loinekcabhlmhjjbocijdoimmejangoa | Glass wallet |
| heefohaffomkkkphnlpohglngmbcclhi | Morphis Wallet |
| idnnbdplmphpflfnlkomgpfbpcgelopg | Xverse Wallet |
| anokgmphncpekkhclmingpimjmcooifb | Compass Wallet |
| cnncmdhjacpkmjmkcafchppbnpnhdmon | HAVAH Wallet |
| ocjdpmoallmgmjbbogfiiaofphbjgchh | Sui Wallet |
| ojggmchlghnjlapmfbnjholfjkiidbch | Venom Wallet |
| egjidjbpglichdcondbcbdnbeeppgdph | Trust Wallet |
| mcohilncbfahbmgdjkbpemcciiolgcge | OKX Wallet |
| kkpllkodjeloidieedojogacfhpaihoh | Enkrypt |
| cphhlgmgameodnhkjdmkpanlelnlohao | NeoLine |
| nhnkbkgjikgcigadomkphalanndcapjk | CLV Wallet |
| acmacodkjbdgmoleebolmdjonilkdbch | Rabby Wallet |
| phkbamefinggmakgklpkljjmgibohnba | Pontem Crypto Wallet |
| efbglgofoippbgcjepnhiblaibcnclgk | Martian |
| nngceckbapebfimnlniiiahkandclblb | Bitwarden |
| ejjladinnckdgjemekebdpeokbikhfci | Petra |
| opcgpfmipidbgpenhmajoajpbobppdil | Sui Wallet |
| aholpfdialjgjfhomihkjbmgjidlcdno | Exodus Web3 Wallet |
| onhogfjeacnfoofkfgppdlbmlmnplgbn | SubWallet |
| mopnmbcafieddcagagdcbnhejhlodfdd | PolkadotJS |
| fijngjgcjhjmmpcmkeiomlglpeiijkld | Talisman Wallet |
| hifafgmccdpekplomjjkcfgodnhcellj | CryptoCom |
| dmkamcknogkgcdfhhbddcghachkejeap | Keplr |
| fhmfendgdocmcbmfikdcogofphimnkno | Sollet |
| cnmamaachppnkjgnildpdmkaakejnhae | Auro Wallet |
| jojhfeoedkpkglbfimdfabpdfjaoolaf | Polymesh Wallet |
| nknhiehlklippafakaeklbeglecifhad | Nabox Wallet |
| hcflpincpppdclinealmandijcmnkbgn | KHC |
| ookjlbkiijinhpmnjffcofjonbfbgaoc | Temple |
| mnfifefkajgofkcjkemidiaecocnkjeh | TezBox |
| lodccjjbdhfakaekdiahmedfbieldgik | DAppPlay |
| lkcjlnjfpbikmcmbachjpdbijejflpcm | old version Steem Keychain |
| onofpnbbkehpmmoabgpcpmigafmmnjh | Nash Extension |
| bcopgchhojmggmffilplmbdicgaihlkp | Hycon Lite Client |
| klnaejjgbibmhlephnhpmaofohgkpgkd | ZilPay |
| aeachknmefphepccionboohckonoeemg | Coin98 Wallet |
| bhghoamapcdpbohphigoooaddinpkbai | Authenticator |
| dkdedlpgdmmkkfjabffeganieamfklkm | Cyano Wallet |
| nlgbhdfgdhgbiamfdfmbikcdghidoadd | Byone |
| infeboajgfhgbjpjbeppbkgnabfdkdaf | OneKey Legacy |
| ijmpgkjfkbfhoebgogflfebnmejmfbm | BitClip |
| flpiciilemghbmfalicajoolhkkenfe | ICONex |
| cihmoadaighcejopammfbmddcmdekcje | LeafWallet |
| bhhhlbepdkbapadjdnnojkbgioiodbic | Solflare Wallet |
| mkpegjkblkkefacfnmkajcjmabijhclg | Magic Eden Wallet |
| aflkmfhebedbjioipglgcbcmnbpgliof | Backpack |
| gaedmjdfmmahhbjefcbgaolhhanlaolb | Authy |
| oeljdldpnmdbchonielidgobddfffla | EOS Authenticator |
| ilgcnhelpchnceeipipijaljkblbcob | GAuth Authenticator |
| imloifkgjagghnncjkhggdhalmcnfklk | Trezor Password Manager |
| ppbibelpcjmhbdihakflkdcoccbgbkpo | UniSat Wallet |
| jiidiaalihmmhddjgbnbgdfflelocpak | Bitget Wallet (Formerly BitKeep) |
Edge 브라우저의 확장 프로그램 데이터는 C:\Users\{User Name}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions 에 저장된다.
| Microsoft Edge extension ID | Extension name |
|---|---|
| akoiaibnepcedcplijmiamnaigbepmcb | Yoroi |
| ejbalbakoplchlghecdalmeeeajnimhm | MetaMask |
| dfeccadlilpndjjohbjdblepmjeahlmm | Math Wallet |
| kjmoohlgokccodicjjfebfomlbljgfhk | Ronin Wallet |
| ajkhoeiiokighlmdnlakpjfoobnjinie | Terra Station |
| fplfipmamcjaknpgnipjeaeeidnjooao | BDLT wallet |
| niihfokdlimbddhfmngnplgfcgpmlido | Glow |
| obffkkagpmohennipjokmpllocnlndac | OneKey |
| kfocnlddfahihoalinnfbnfmopjokmhl | MetaWallet |
| aeblfdkhhhdcdjpifhhbdiojplfjncoa | 1Password |
| cpojfbodiccabbabgimdeohkkpjfpbnf | Rainbow |
