poster

Detecting money-stealing apps in alternative Android markets

Authors:

Chao Yang,

Vinod Yegneswaran,

Phillip Porras,

Guofei GuAuthors Info & Claims

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

Pages 1034 - 1036

https://doi.org/10.1145/2382196.2382316

Published: 16 October 2012 Publication History

Get Access

Abstract

The prevalence of malware in Android marketplaces is a growing and significant problem. Among the most worrisome concerns are with regarding to malicious Android applications that attempt to steal money from unsuspecting users. These malicious applications get uploaded under the guise of benign applications, typically to third-party alternative market places that lack proper security vetting procedures, and are subsequently downloaded and executed by unsuspecting victims. In this work, we propose "Money-Guard", a systematic approach to detect stealthy moneystealing applications in popular Android markets. Our technique relies on detecting two key behavioral heuristics that seem to be common across many money-stealing Android malware: hardcoded exfiltration and notification suppression. In our preliminary analysis of 47 SMS-based money stealing applications, we confirm that 41 of these applications follow the above pattern, and describe a light weight detection approach that will identify this behavioral pattern.

References

[1]

Anzhi android market. http://www.anzhi.com/.

Google Scholar

[2]

App dh android market. http://www.appdh.com/.

Google Scholar

[3]

Circumventing google bouncer. http://www.extremetech.com/computing/130424-circumventing-googles-bouncer-androids-anti-malware-system.

Google Scholar

[4]

Fake android apps scam costs. http://www.telegraph.co.uk/technology/news/9286538/Fake-Android-apps-scam-costs-28000.html.

Google Scholar

[5]

Money-stealing apps are hosting in the mobile devices. http://finance.sina.com.cn/money/lczx/20120410/070311783396.shtml.

Google Scholar

[6]

Slideme android market. http://slideme.org/.

Google Scholar

[7]

Bose, A., Hu, X., Shin, K. G., and Park, T. Behavioral detection of malware on mobile handsets. In Proceeding of the 6th International Conference on Mobile Systems, Applications, and Services (MobiSys'08).

Digital Library

Google Scholar

[8]

Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., Mc-Daniel, P., and Sheth, A. N. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI'10).

Digital Library

Google Scholar

[9]

Jacoby, G., and Davis, N. Battery-based intrusion detection. In in Global Telecommunications Conference (GLOBECOM'04).

Google Scholar

[10]

Kim, H., Smith, J., and Shin, K. G. Detecting energy-greedy anomalies and mobile malware variants. In Proceedings of the 6th international conference on Mobile systems, applications, and services (MobiSys'08).

Digital Library

Google Scholar

[11]

Schmidt, A., Bye, R., Schmidt, H., Clausen, J., Kiraz, O., Yxksel, K., Camtepe, S., and Sahin, A. Static analysis of executables for collaborative malware detection on android. In ICC Communication and Information Systems Security Symposium (2009).

Digital Library

Google Scholar

[12]

Zhou, Y., Wang, Z., Zhou, W., and Jiang., X. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (NDSS'12).

Google Scholar

Cited By

View all

Shahriar HIslam MClincy V(2017)Android malware detection using permission analysisSoutheastCon 201710.1109/SECON.2017.7925347(1-6)Online publication date: Mar-2017
https://doi.org/10.1109/SECON.2017.7925347
Jang JYun JMohaisen AWoo JKim H(2016)Detecting and classifying method based on similarity matching of Android malware behavior with profileSpringerPlus10.1186/s40064-016-1861-x5:1Online publication date: 3-Mar-2016
https://doi.org/10.1186/s40064-016-1861-x
Bacis EMutti SParaboschi SBao FMiller SZhou JAhn G(2015)AppPolicyModulesProceedings of the 10th ACM Symposium on Information, Computer and Communications Security10.1145/2714576.2714626(309-320)Online publication date: 14-Apr-2015
https://dl.acm.org/doi/10.1145/2714576.2714626
Show More Cited By

Index Terms

Detecting money-stealing apps in alternative Android markets
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

Activation Pattern Analysis on Malicious Android Mobile Applications
AIMS '13: Proceedings of the 2013 1st International Conference on Artificial Intelligence, Modelling and Simulation

The malicious android mobile applications developed by attackers are increasing rapidly. In order to reduce the damage caused by the malicious applications, the activation based pattern analysis mechanisms should be developed to determine normal and ...
Smart malware detection on Android

Nowadays, because of its increased popularity, Android is target to a growing number of attacks and malicious applications, with the purpose of stealing private information and consuming credit by subscribing to premium services. Most of the current ...
Detecting Android malware using sequences of system calls
DeMobile 2015: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile

The increasing diffusion of smart devices, along with the dynamism of the mobile applications ecosystem, are boosting the production of malware for the Android platform. So far, many different methods have been developed for detecting Android malware, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

October 2012

1088 pages

ISBN:9781450316514

DOI:10.1145/2382196

General Chair:
Ting Yu
North Carolina State University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Virgil Gligor
Carnegie Mellon University, USA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 October 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS'12

Sponsor:

SIGSAC

CCS'12: the ACM Conference on Computer and Communications Security

October 16 - 18, 2012

North Carolina, Raleigh, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
801
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)2

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Shahriar HIslam MClincy V(2017)Android malware detection using permission analysisSoutheastCon 201710.1109/SECON.2017.7925347(1-6)Online publication date: Mar-2017
https://doi.org/10.1109/SECON.2017.7925347
Jang JYun JMohaisen AWoo JKim H(2016)Detecting and classifying method based on similarity matching of Android malware behavior with profileSpringerPlus10.1186/s40064-016-1861-x5:1Online publication date: 3-Mar-2016
https://doi.org/10.1186/s40064-016-1861-x
Bacis EMutti SParaboschi SBao FMiller SZhou JAhn G(2015)AppPolicyModulesProceedings of the 10th ACM Symposium on Information, Computer and Communications Security10.1145/2714576.2714626(309-320)Online publication date: 14-Apr-2015
https://dl.acm.org/doi/10.1145/2714576.2714626
Clincy VShahriar H(2015)A Novel Approach to Detect Tampered Wireless Network ApplicationsProceedings of the 2015 12th International Conference on Information Technology - New Generations10.1109/ITNG.2015.37(197-199)Online publication date: 13-Apr-2015
https://dl.acm.org/doi/10.1109/ITNG.2015.37
Zhang LZhang YZang T(2015)Detecting Malicious Behaviors in Repackaged Android Apps with Loosely-Coupled Payloads Filtering SchemeInternational Conference on Security and Privacy in Communication Networks10.1007/978-3-319-23829-6_31(454-462)Online publication date: 8-Nov-2015
https://doi.org/10.1007/978-3-319-23829-6_31
Shahriar HHaddad HPoet RMuttukrishnan R(2014)Content Provider Leakage Vulnerability Detection in Android ApplicationsProceedings of the 7th International Conference on Security of Information and Networks10.1145/2659651.2659716(359-366)Online publication date: 9-Sep-2014
https://dl.acm.org/doi/10.1145/2659651.2659716
Shahriar HClincy V(2014)Detection of repackaged Android MalwareThe 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014)10.1109/ICITST.2014.7038835(349-354)Online publication date: Dec-2014
https://doi.org/10.1109/ICITST.2014.7038835

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Activation Pattern Analysis on Malicious Android Mobile Applications

Smart malware detection on Android

Detecting Android malware using sequences of system calls