Mobile App Squatting

Hu, Yangyu; Wang, Haoyu; Ren, He; Li, Li; Tyson, Gareth; Castro, Ignacio; Guo, Yao; Wu, Lei; Xu, Guizhi

doi:10.1145/3366423.3380243

Cited by 34 publications

(11 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Typosquatting specifically, refers to attackers registering mistyped domain names (such as twitte.com) in an attempt to capture all the traffic from users who mistype a website's URL in their browsers. Past research has characterized the typosquatting abuse in the wild [14], [17], [28], [35], [52], [45] as well as the effects of typos in related areas, such as, website development [36], package managers [2], and mobile app stores [27]. In this paper, we discovered that while typos are one of the reasons for unintended URLs (where a Twitter user intends to tweet one URL but tweets another), the main culprit of unintended URLs is the semantic gap between what a user types (such as a sentence with a missing space or an Instagram ID) and what Twitter infers that that user typed (i.e., a URL).…”

Section: Related Workmentioning

confidence: 99%

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Kaleli¹,

Kondracki²,

Egele³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

To make their services more user friendly, online social media platforms automatically identify text that corresponds to URLs and render it as clickable links. In this paper, we show that the techniques used by such services to recognize URLs are often too permissive and can result in unintended URLs being displayed in social network messages. Among others, we show that popular platforms (such as Twitter) will render text as a clickable URL if a user forgets a space after a full stop at the end of a sentence, and the first word of the next sentence happens to be a valid Top Level Domain. Attackers can take advantage of these unintended URLs by registering the corresponding domains and exposing millions of Twitter users to arbitrary malicious content. To characterize the threat that unintended URLs pose to social media users, we perform a large-scale study of unintended URLs in tweets over a period of 7 months. By designing a classifier capable of differentiating between intended and unintended URLs posted in tweets, we find more than 26K unintended URLs posted by accounts with tens of millions of followers. As part of our study, we also register 45 unintended domains and quantify the traffic that attackers can get by merely registering the right domains at the right time. Finally, due to the severity of our findings, we propose a lightweight browser extension which can, on the fly, analyze the tweets that users compose and alert them of potentially unintended URLs and raise a warning, allowing users to fix their mistake before the tweet is posted.

show abstract

Section: Related Workmentioning

confidence: 99%

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Kaleli¹,

Kondracki²,

Egele³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…To increase the chance of getting more infections, attackers register package names that are similar to existing (usually popular) packages by package typosquatting or package combosquatting ( [5], [6]) in which they split the package name into elements based on the "hyphen" character, and rearrange the elements, e.g., "python-nmap" into "nmap-python". Users who mistype or confuse the package name will install the malicious package instead of the legitimate one.…”

Section: Crafting and Shipping Malicious Packagesmentioning

confidence: 99%

“…Hence, our proposed approach relies on the Levenshtein distance applicable to most of the PyPI ecosystem packages. To capture packages with short names, we plan to use common name patterns (e.g., repeated or swapped characters)( [5], [8]).…”

Section: Threats To Validitymentioning

confidence: 99%

Typosquatting and Combosquatting Attacks on the Python Ecosystem

Pashchenko

Massacci

et al. 2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

Limited automated controls integrated into the Python Package Index (PyPI) package uploading process make PyPI an attractive target for attackers to trick developers into using malicious packages. Several times this goal has been achieved via the combosquatting and typosquatting attacks when attackers give malicious packages similar names to already existing legitimate ones. In this paper, we study the attacks, identify potential attack targets, and propose an approach to identify combosquatting and typosquatting package names automatically. The approach might serve as a basis for an automated system that ensures the security of the packages uploaded and distributed via PyPI.

show abstract

“…Software clone exists since PC era and appears on Android platform more extensively owing to the openness and popularity of Android system. In the context of app clone, the plagiarists' goal is to grab subscribers and gain fame by copying the core function [5], [6], the UI [7]- [9], and even product names and brands of legal apps [10], [11]. Clint et al [5] reported that repackaging apps will result in a 14% decrease in advertising revenue for the hardworking developers of original apps.…”

Section: Introductionmentioning

confidence: 99%

Robust App Clone Detection Based on Similarity of UI Structure

Zhang

et al. 2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

App clone is a serious threat to the mobile app ecosystem, which not only damages the benefits of original developers, but also contributes to spreading malware. App clone detection has received extensive attentions from our research community, and a number of approaches were proposed, which mainly rely on code or visual similarity of the apps. However, the tricky plagiarists in the wild may specifically modify the code or the content of User Interface (UI), which will lead to the ineffectiveness of current methods. In this paper, we propose a robust app clone detection method based on the similarity of UI structure. The key idea behind our approach is based on the finding that content features (e.g., background color) are more likely to be modified by plagiarists, while structure features (e.g., overall hierarchy structure, widget hierarchy structure) are relative stable, which could be used to detect different levels of clone attacks. Experiment results on a labeled benchmark of 4,720 similar app pairs show that our approach could achieve an accuracy of 99.6%. Compare with existing approaches, our approach works in practice with high effectiveness. We have implemented a prototype system and applied it to more than 404,650 app pairs, and we found 1,037 app clone pairs, most of them are piggybacking apps that introduced malicious payloads.INDEX TERMS App clone, code clone, mobile app, user interface, android.

show abstract

Mobile App Squatting

Cited by 34 publications

References 35 publications

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Typosquatting and Combosquatting Attacks on the Python Ecosystem

Robust App Clone Detection Based on Similarity of UI Structure

Contact Info

Product

Resources

About