Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F21%3A00354988" target="_blank" >RIV/68407700:21230/21:00354988 - isvavai.cz</a>
Výsledek na webu
<a href="https://doi.org/10.1109/EuroSPW54576.2021.00029" target="_blank" >https://doi.org/10.1109/EuroSPW54576.2021.00029</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/EuroSPW54576.2021.00029" target="_blank" >10.1109/EuroSPW54576.2021.00029</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service
Popis výsledku v původním jazyce
Malware authors constantly obfuscate their files and defenders regularly develop new techniques to detect them. Given this cat-and-mouse game, specialized obfuscation services have appeared in the cybercrime industry. These services allow malware authors to obfuscate their code for a fee. This study investigates an automated obfuscation-as-a-service platform for Android applications and yields unique insights on the technical difficulties and business reality of those behind such a specialized service. The service investigated was found to be average in quality, mainly using known obfuscation techniques, and generating obfuscated applications that were still detected by anti-viruses. It had a small clientele of large-scale attackers who used the service to decrease anti-virus detections of highly malicious applications, thus increasing their chances of compromising devices. Depending on the price bundles considered, operators offering the service were estimated to have made a minimum revenue ranging from USD 5,100 (conservative) to USD 61,160 (optimistic) for a six-month operation. This study illustrates that even though obfuscation-as-a-service is a market niche, taking advantage of the value added from this specialization is not effortless nor easily accessible to everyone involved in cybercrime.
Název v anglickém jazyce
Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service
Popis výsledku anglicky
Malware authors constantly obfuscate their files and defenders regularly develop new techniques to detect them. Given this cat-and-mouse game, specialized obfuscation services have appeared in the cybercrime industry. These services allow malware authors to obfuscate their code for a fee. This study investigates an automated obfuscation-as-a-service platform for Android applications and yields unique insights on the technical difficulties and business reality of those behind such a specialized service. The service investigated was found to be average in quality, mainly using known obfuscation techniques, and generating obfuscated applications that were still detected by anti-viruses. It had a small clientele of large-scale attackers who used the service to decrease anti-virus detections of highly malicious applications, thus increasing their chances of compromising devices. Depending on the price bundles considered, operators offering the service were estimated to have made a minimum revenue ranging from USD 5,100 (conservative) to USD 61,160 (optimistic) for a six-month operation. This study illustrates that even though obfuscation-as-a-service is a market niche, taking advantage of the value added from this specialization is not effortless nor easily accessible to everyone involved in cybercrime.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
—
Návaznosti
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Ostatní
Rok uplatnění
2021
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
ISBN
978-1-6654-1012-0
ISSN
—
e-ISSN
—
Počet stran výsledku
14
Strana od-do
213-226
Název nakladatele
Institute of Electrical and Electronics Engineers
Místo vydání
Brighton
Místo konání akce
Vienna
Datum konání akce
6. 9. 2021
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
—