{"id":"https://openalex.org/W4379528880","doi":"https://doi.org/10.1109/ecrime57793.2022.10142092","title":"Leaky Kits: The Increased Risk of Data Exposure from Phishing Kits","display_name":"Leaky Kits: The Increased Risk of Data Exposure from Phishing Kits","publication_year":2022,"publication_date":"2022-11-30","ids":{"openalex":"https://openalex.org/W4379528880","doi":"https://doi.org/10.1109/ecrime57793.2022.10142092"},"language":"en","primary_location":{"id":"doi:10.1109/ecrime57793.2022.10142092","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime57793.2022.10142092","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019001470","display_name":"Bhaskar Tejaswi","orcid":"https://orcid.org/0000-0003-0506-2641"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Bhaskar Tejaswi","raw_affiliation_strings":["Concordia University,Montreal,Canada","Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University,Montreal,Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070043553","display_name":"Nayanamana Samarasinghe","orcid":null},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Nayanamana Samarasinghe","raw_affiliation_strings":["Concordia University,Montreal,Canada","Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University,Montreal,Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089252137","display_name":"Sajjad Pourali","orcid":"https://orcid.org/0000-0001-9405-8710"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Sajjad Pourali","raw_affiliation_strings":["Concordia University,Montreal,Canada","Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University,Montreal,Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University,Montreal,Canada","Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University,Montreal,Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University,Montreal,Canada","Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University,Montreal,Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5019001470"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":2.4252,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.91422218,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.9264858961105347},{"id":"https://openalex.org/keywords/plaintext","display_name":"Plaintext","score":0.798953652381897},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7605410814285278},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7168328762054443},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6527928113937378},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.434354692697525},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4049697518348694},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.21652138233184814}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.9264858961105347},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.798953652381897},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7605410814285278},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7168328762054443},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6527928113937378},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.434354692697525},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4049697518348694},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.21652138233184814}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime57793.2022.10142092","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime57793.2022.10142092","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.8199999928474426}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W92038636","https://openalex.org/W1999101254","https://openalex.org/W2024711043","https://openalex.org/W2161020477","https://openalex.org/W2488850733","https://openalex.org/W2531223178","https://openalex.org/W2807822918","https://openalex.org/W2933056782","https://openalex.org/W2980720901","https://openalex.org/W3189977787","https://openalex.org/W3212665059","https://openalex.org/W4286331442","https://openalex.org/W6603725390","https://openalex.org/W6650362583","https://openalex.org/W6683652650","https://openalex.org/W6722583902","https://openalex.org/W6799539189"],"related_works":["https://openalex.org/W2149202530","https://openalex.org/W2807822918","https://openalex.org/W2921723332","https://openalex.org/W2482950156","https://openalex.org/W3042334625","https://openalex.org/W107495730","https://openalex.org/W2362689357","https://openalex.org/W2365982350","https://openalex.org/W2508016950","https://openalex.org/W2073145422"],"abstract_inverted_index":{"Phishing":[0],"kits":[1,24,63,153,184,223,234,266,312],"allow":[2],"adversaries":[3,74],"with":[4,104],"little":[5],"or":[6],"no":[7],"technical":[8],"experience":[9],"to":[10,40,69,203,240,245,275,285,328,341],"launch":[11],"phishing":[12,23,62,146,152],"websites":[13],"in":[14,57,61,145,208,230,279],"a":[15,70,94,155,166],"short":[16],"time.":[17],"Past":[18],"research":[19,52],"has":[20],"found":[21,178,194,283,307],"such":[22],"that":[25,179,308],"contain":[26],"backdoors":[27,113],"(e.g.,":[28,114,128,251,295,318],"obfuscated":[29,115],"email":[30,116,255,299],"addresses),":[31],"which":[32,58,92,324],"are":[33,313],"intentionally":[34],"added":[35],"by":[36,53,315],"the":[37,42,65,76,121,182,213,221,264,311],"kit":[38,77,80,88],"developers":[39],"obtain":[41],"phished":[43,249],"data.":[44,332],"In":[45,217],"this":[46],"work,":[47],"we":[48,271],"augment":[49],"on":[50,111],"prior":[51],"exploring":[54],"several":[55,163],"ways":[56],"security":[59,143,316],"flaws":[60],"make":[64],"victim":[66],"data":[67,250],"accessible":[68],"wider":[71],"set":[72,156],"of":[73,123,125,157,168,181,190,212,220,228,247,263,293,310],"beyond":[75],"deployers":[78],"and":[79,90,141,199,210,282,338],"developers.":[81],"We":[82,148,177,192,305,333],"implement":[83],"an":[84],"automated":[85],"framework":[86,337],"for":[87],"collection":[89],"analysis,":[91],"includes":[93],"custom":[95],"command-line":[96],"PHP":[97],"execution":[98],"tool":[99],"(for":[100],"dynamic":[101],"analysis)":[102],"along":[103],"other":[105,339],"open-source":[106],"tools.":[107],"Our":[108],"analysis":[109],"focuses":[110],"finding":[112],"address,":[117],"command":[118],"injection),":[119,323],"measuring":[120],"extent":[122],"disclosure":[124],"sensitive":[126,248,290],"information":[127,226,292],"via":[129],"exposed":[130],"plaintext":[131,231,242],"files,":[132,243],"hardcoded":[133,137,195,268],"Telegram":[134,269,277],"bot":[135],"tokens,":[136],"admin":[138,196],"console":[139,197],"passwords)":[140],"detecting":[142],"vulnerabilities":[144,317],"kits.":[147],"analyze":[149],"4238":[150],"distinct":[151],"(from":[154],"26,281":[158],"compressed":[159],"files":[160],"collected":[161],"from":[162],"sources":[164],"over":[165],"span":[167],"15":[169],"months),":[170],"each":[171],"having":[172],"unique":[173],"SHA-1":[174],"hash":[175],"value.":[176],"3.9%":[180],"analyzed":[183,214,222,265],"contained":[185,267],"at":[186],"least":[187],"one":[188],"form":[189],"backdoor.":[191],"also":[193,306],"passwords":[198],"API":[200],"keys":[201],"used":[202],"access":[204,239],"third":[205],"party":[206],"services,":[207],"8.3%":[209],"16%":[211],"kits,":[215,281],"respectively.":[216],"addition,":[218],"15.8%":[219],"wrote":[224],"stolen":[225],"(PII)":[227],"users":[229],"files;":[232],"5.6%":[233],"did":[235],"not":[236],"restrict":[237],"external":[238],"these":[241],"leading":[244],"exposure":[246],"178,504":[252],"passwords,":[253,297],"133,248":[254],"addresses,":[256,300],"1253":[257],"credit":[258,302],"card":[259,303],"numbers).":[260,304],"Furthermore,":[261],"11.7%":[262],"bots;":[270],"obtained":[272],"invite":[273],"links":[274],"join":[276],"chats":[278],"0.5%":[280],"them":[284],"expose":[286,330],"chat":[287],"messages":[288],"containing":[289],"PII":[291],"victims":[294],"73,342":[296],"141,095":[298],"3584":[301],"64%":[309],"affected":[314],"insecure":[319],"file":[320],"operations,":[321],"SQL":[322],"can":[325],"be":[326],"abused":[327],"further":[329],"user":[331],"have":[334],"open-sourced":[335],"our":[336],"artifacts":[340],"benefit":[342],"future":[343],"research.":[344]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}