Eight Years of Rider Measurement in the Android Malware Ecosystem

Suárez-Tangil, Guillermo; Stringhini, Gianluca

doi:10.1109/tdsc.2020.2982635

Cited by 46 publications

(45 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As pointed out in [7], a number of critical vulnerabilities have been reported for Android platforms 3 . Particularly, the Android mediaserver has been repeatedly targeted recently through the Stagefright media playback engine.…”

Section: Dataset Used For Evaluationmentioning

confidence: 97%

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

et al. 2018

View full text Add to dashboard Cite

show abstract

Section: Dataset Used For Evaluationmentioning

confidence: 97%

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Specifically, we rely on anti-virus scanners to flag malicious artifact. Concretely, DDM sends these non-image artifacts to VirusTotal [11], a free online service that integrates over 60 anti-virus engines, has been widely adopted by the research community [17,35,36,69]. Our prototype plugins implement detection schemes where, for each artifact that is sent to VirusTotal will be considered as ad devious content whenever at least three (3) anti-virus scanners flag it as suspicious.…”

Section: Other Devious Ad Content Groups Devious Ad Content For Othementioning

confidence: 99%

MadDroid: Characterizing and Detecting Devious Ad Contents for Android Apps

Liu

Wang

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

Advertisement drives the economy of the mobile app ecosystem. As a key component in the mobile ad business model, mobile ad content has been overlooked by the research community, which poses a number of threats, e.g., propagating malware and undesirable contents. To understand the practice of these devious ad behaviors, we perform a large-scale study on the app contents harvested through automated app testing. In this work, we first provide a comprehensive categorization of devious ad contents, including five kinds of behaviors belonging to two categories: ad loading content and ad clicking content. Then, we propose MadDroid, a framework for automated detection of devious ad contents. MadDroid leverages an automated app testing framework with a sophisticated ad view exploration strategy for effectively collecting ad-related network traffic and subsequently extracting ad contents. We then integrate dedicated approaches into the framework to identify devious ad contents. We have applied MadDroid to 40,000 Android apps and found that roughly 6% of apps deliver devious ad contents, e.g., distributing malicious apps that cannot be downloaded via traditional app markets. Experiment results indicate that devious ad contents are prevalent, suggesting that our community should invest more effort into the detection and mitigation of devious ads towards building a trustworthy mobile advertising ecosystem. CCS CONCEPTS• Security and privacy → Software and application security; • Information systems → Online advertising; • Human-centered computing → Ubiquitous and mobile computing.

show abstract

“…Also, reflection is a popular java feature in Android as it allows to get information about classes and components while an app is running and modify them. The reflection API java.lang.reflect includes classes and interfaces that can be used to dynamically load code at runtime [67]. The package java.lang.reflect was called in all benign apps except one.…”

Section: Benign Applicationsmentioning

confidence: 99%

“…This package includes features to keep track of phone data such as network type and connection state. Also, it can be indicative of evasion [67,70]. Figure 11 shows an example screenshots of one ransomware app (MD5: 77ADB4D5A4F8AF9B8A6D23676848C6) handling many function calls from this package.…”

Section: Ransomware Applicationsmentioning

confidence: 99%

Ransomware Detection System for Android Applications

Alsoghyer

Almomani

2019

Electronics

View full text Add to dashboard Cite

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim's device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages' calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user's device. API packages' calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community.

show abstract

Eight Years of Rider Measurement in the Android Malware Ecosystem

Cited by 46 publications

References 41 publications

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

Anomaly‐based exploratory analysis and detection of exploits in android mediaserver

MadDroid: Characterizing and Detecting Devious Ad Contents for Android Apps

Ransomware Detection System for Android Applications

Contact Info

Product

Resources

About