Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS

Authors: Kai Chen, Xueqiang Wang, Yi Chen, Peng Wang, Yeonjoon Lee

DOI: 10.1109/SP.2016.29

Keywords: Cross-platform, World Wide Web, Android (operating system), Internet privacy, Computer science, Android Wear, Malware, Mobile telephony, App store

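Abstract: It is reported recently that legitimate libraries are repackaged for propagating malware. An in-depth analysis of such potentially-harmful libraries (PhaLibs), however, has never been done before, due to the challenges in identifying those libraries whose code can be unavailable online (e.g., removed from the public repositories, spreading underground, etc.). Particularly, for an iOS app, the library it integrates cannot be trivially recovered from its binary code and cannot be analyzed by any publicly available anti-virus (AV) systems. In this paper, we report the first systematic study on PhaLibs across Android and iOS, based upon a key observation that many iOS libraries have Android versions that can potentially be used to understand their behaviors and the relations between the libraries on both sides. To this end, we utilize a methodology that first clusters similar packages from a large number of popular Android apps to identify libraries, and strategically analyze them using AV systems to find PhaLibs. Those libraries are then used to search for their iOS counterparts within Apple apps based upon the invariant features shared cross platforms. On each discovered iOS PhaLib, our approach further identifies its suspicious behaviors that also appear on its Android version and uses the AV system on the Android side to confirm that it is indeed potentially harmful. Running our methodology on 1.3 million Android apps and 140,000 popular iOS apps downloaded from 8 markets, we discovered 117 PhaLibs with 1008 variations on Android and 23 PhaLibs with 706 variations on iOS. Altogether, the Android PhaLibs are found to infect 6.84% of Google Play apps and the iOS libraries are embedded within thousands of iOS apps, 2.94% among those from the official Apple App Store. Looking into the behaviors of the PhaLibs, not only do we discover the recently reported suspicious iOS libraries such as mobiSage, but also their Android counterparts and 6 other back-door libraries never known before. Those libraries are found to contain risky behaviors such as reading from their host apps' keychain, stealthily recording audio and video and even attempting to make phone calls. Our research shows that most Android-side harmful behaviors have been preserved on their corresponding iOS libraries, and further identifies new evidence about libraries repackaging for harmful code propagations on both sides.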

References (38)
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser. Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies. USENIX Security Symposium, pp. 131-146 (2013).
Robert H. Deng, Debin Gao, Jin Han, Jianying Zhou, Qiang Yan. Comparing Mobile Privacy Protection through Cross-Platform Applications. Network and Distributed System Security Symposium (2013).
Heqing Huang, Yeonjoon Lee, Kai Chen, Peng Liu, Peng Wang, Nan Zhang, Wei Zou, XiaoFeng Wang. Finding unknown malice in 10 seconds: mass vetting for new threats at the Google-play scale. USENIX Security Symposium, pp. 659-674 (2015).
Martin Szydlowski, Manuel Egele, Christopher Kruegel, Giovanni Vigna. Challenges for dynamic analysis of iOS applications. iNetSec'11: Proceedings of the 2011 IFIP WG 11.4 International Conference on Open Problems in Network Security, pp. 65-77 (2011). DOI: 10.1007/978-3-642-27585-2_6
Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna. PiOS: Detecting privacy leaks in iOS applications. Network and Distributed System Security Symposium (2011).
Y. Kataoka, M.D. Ernst, W.G. Griswold, D. Notkin. Automated support for program refactoring using invariants. International Conference on Software Maintenance, pp. 736-743 (2001). DOI: 10.1109/ICSM.2001.972794
Hans-Peter Kriegel, Martin Ester, Jörg Sander, Xiaowei Xu. A density-based algorithm for discovering clusters in large spatial databases with noise. Knowledge Discovery and Data Mining, pp. 226-231 (1996).
Christian Rossow, Thorsten Holz, Jannik Pewny, Behrad Garmany, Robert Gawlik. Cross-Architecture Bug Search in Binary Executables. 2015 IEEE Symposium on Security and Privacy, pp. 709-724 (2015). DOI: 10.1109/SP.2015.49
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Operating Systems Design and Implementation, pp. 393-407 (2010). DOI: 10.5555/1924943.1924971