Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F21%3A00354988" target="_blank" >RIV/68407700:21230/21:00354988 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/EuroSPW54576.2021.00029" target="_blank" >https://doi.org/10.1109/EuroSPW54576.2021.00029</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/EuroSPW54576.2021.00029" target="_blank" >10.1109/EuroSPW54576.2021.00029</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service

Popis výsledku v původním jazyce

Malware authors constantly obfuscate their files and defenders regularly develop new techniques to detect them. Given this cat-and-mouse game, specialized obfuscation services have appeared in the cybercrime industry. These services allow malware authors to obfuscate their code for a fee. This study investigates an automated obfuscation-as-a-service platform for Android applications and yields unique insights on the technical difficulties and business reality of those behind such a specialized service. The service investigated was found to be average in quality, mainly using known obfuscation techniques, and generating obfuscated applications that were still detected by anti-viruses. It had a small clientele of large-scale attackers who used the service to decrease anti-virus detections of highly malicious applications, thus increasing their chances of compromising devices. Depending on the price bundles considered, operators offering the service were estimated to have made a minimum revenue ranging from USD 5,100 (conservative) to USD 61,160 (optimistic) for a six-month operation. This study illustrates that even though obfuscation-as-a-service is a market niche, taking advantage of the value added from this specialization is not effortless nor easily accessible to everyone involved in cybercrime.

Název v anglickém jazyce

Cybercrime Specialization: An Exposé of a Malicious Android Obfuscation-as-a-Service

Popis výsledku anglicky

Malware authors constantly obfuscate their files and defenders regularly develop new techniques to detect them. Given this cat-and-mouse game, specialized obfuscation services have appeared in the cybercrime industry. These services allow malware authors to obfuscate their code for a fee. This study investigates an automated obfuscation-as-a-service platform for Android applications and yields unique insights on the technical difficulties and business reality of those behind such a specialized service. The service investigated was found to be average in quality, mainly using known obfuscation techniques, and generating obfuscated applications that were still detected by anti-viruses. It had a small clientele of large-scale attackers who used the service to decrease anti-virus detections of highly malicious applications, thus increasing their chances of compromising devices. Depending on the price bundles considered, operators offering the service were estimated to have made a minimum revenue ranging from USD 5,100 (conservative) to USD 61,160 (optimistic) for a six-month operation. This study illustrates that even though obfuscation-as-a-service is a market niche, taking advantage of the value added from this specialization is not effortless nor easily accessible to everyone involved in cybercrime.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

ISBN

978-1-6654-1012-0

ISSN

—

e-ISSN

—

Počet stran výsledku

14

Strana od-do

213-226

Název nakladatele

Institute of Electrical and Electronics Engineers

Místo vydání

Brighton

Místo konání akce

Vienna

Datum konání akce

6. 9. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—