Mobile apps are extensively involved in cyber-crimes. Some apps are malware that compromises users' devices, while others may lead to privacy leakage. Apart from these, there also exist apps that directly make a profit from victims through deception, threats or other criminal actions. We name these apps CULPRITWARE. They have become an emerging threat in recent years. However, the characteristics and the ecosystem of CULPRITWARE remain mysterious. This paper takes the first step towards systematically studying CULPRITWARE and its ecosystem. Specifically, we first characterize CULPRITWARE by categorizing these apps and comparing them with benign apps and malware. The result shows that CULPRITWARE has unique features, e.g., its usage of app generators (25.27%) deviates from that of benign apps (5.08%) and malware (0.43%). Such a discrepancy can be used to distinguish CULPRITWARE from benign apps and malware. We then explain the structure of the ecosystem by revealing the four participating entities (i.e., developer, agent, operator and reaper) and the workflow. After that, we further reveal the characteristics of the ecosystem by studying the participating entities. Our investigation shows that the majority of CULPRITWARE (at least 52.08%) is propagated through social media rather than the official app markets, and most CULPRITWARE (96%) indirectly relies on covert fourth-party payment services to transfer the profits. Our findings shed light on the ecosystem and can help the community and law enforcement authorities mitigate the threats. We will release the source code of our tools to engage the community.