As the COVID-19 pandemic emerged in early 2020, a number of malicious actors started capitalizing on the topic. Although a few media reports have mentioned the existence of coronavirus-themed mobile malware, the research community lacks an understanding of the landscape of coronavirus-themed mobile malware. In this paper, we present the first systematic study of coronavirus-themed Android malware. We first create a daily growing COVID-19 themed mobile app dataset, which contains 4,322 COVID-19 themed apk samples (2,500 unique apps) and 611 potential malware samples (370 unique malicious apps) as of mid-November 2020. We then analyze them from multiple perspectives, including trends and statistics, installation methods, malicious behaviors, and the malicious actors behind them. We observe that COVID-19 themed apps, as well as malicious ones, began to flourish almost as soon as the pandemic broke out worldwide. Most malicious apps are camouflaged as benign apps using the same app identifiers (e.g., app name, package name and app icon). Their main purposes are either stealing users' private information or making a profit through tricks like phishing and extortion. Furthermore, only a quarter of the COVID-19 malware creators are habitual developers who have been active for a long time, while 75% of them are newcomers in this pandemic. The malicious developers are mainly located in the US, mostly targeting English-speaking countries, China, Arabic countries and Europe. To facilitate future research, we have publicly released all the well-labelled COVID-19 themed apps (and malware) to the research community. To date, over 30 research institutes around the world have requested our dataset for COVID-19 themed research.