Detecting money-stealing apps in alternative Android markets
作者: Chao Yang , Vinod Yegneswaran , Phillip Porras , Guofei Gu
关键词: Internet privacy 、 Malware 、 Preliminary analysis 、 Upload 、 Android (operating system) 、 Computer science 、 Android malware 、 Computer security
摘要: The prevalence of malware in Android marketplaces is a growing and significant problem. Among the most worrisome concerns are with regarding to malicious applications that attempt steal money from unsuspecting users. These get uploaded under guise benign applications, typically third-party alternative market places lack proper security vetting procedures, subsequently downloaded executed by victims. In this work, we propose "Money-Guard", systematic approach detect stealthy moneystealing popular markets. Our technique relies on detecting two key behavioral heuristics seem be common across many money-stealing malware: hardcoded exfiltration notification suppression. our preliminary analysis 47 SMS-based stealing confirm 41 these follow above pattern, describe light weight detection will identify pattern.
acm.org
sci-hub.se 参考文章(5)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Hahnsang Kim, Joshua Smith, Kang G. Shin, Detecting energy-greedy anomalies and mobile malware variants Proceeding of the 6th international conference on Mobile systems, applications, and services - MobiSys '08. pp. 239- 252 ,(2008) , 10.1145/1378600.1378627
Abhijit Bose, Xin Hu, Kang G. Shin, Taejoon Park, Behavioral detection of malware on mobile handsets Proceeding of the 6th international conference on Mobile systems, applications, and services - MobiSys '08. pp. 225- 238 ,(2008) , 10.1145/1378600.1378626
G.A. Jacoby, N.J. Davis, Battery-based intrusion detection global communications conference. ,vol. 4, pp. 2250- 2255 ,(2004) , 10.1109/GLOCOM.2004.1378409
Xuxian Jiang, Yajin Zhou, Wu Zhou, Zhi Wang, Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets network and distributed system security symposium. ,(2012)