Paper Info
Title
DroydSeuss: A Mobile Banking Trojan Tracker (Short Paper).
Abstract
After analyzing several Android mobile banking trojans, we observed the presence of repetitive artifacts that describe valuable information about the distribution of this class of malicious apps. Motivated by the high threat level posed by mobile banking trojans and by the lack of publicly available analysis and intelligence tools, we automated the extraction of such artifacts and created a malware tracker named DroydSeuss. DroydSeuss first processes applications both statically and dynamically, extracting relevant strings that contain traces of communication endpoints. Second, it prioritizes the extracted strings based on the APIs that manipulate them. Finally, DroydSeuss correlates the endpoints with descriptive metadata from the samples, providing aggregated statistics, raw data, and cross-sample information that allow researchers to pinpoint relevant groups of applications. We connected DroydSeuss to the VirusTotal daily feed, consuming Android samples that perform banking-trojan activity. We manually analyzed its output and found supporting evidence to confirm its correctness. Remarkably, the most frequent itemset unveiled a campaign currently spreading against Chinese and Korean bank customers. Although motivated by mobile banking trojans, DroydSeuss can be used to analyze the communication behavior of any suspicious application.
Year
DOI
Venue
2016
10.1007/978-3-662-54970-4_14
Lecture Notes in Computer Science
Field
DocType
Volume
Metadata,World Wide Web,Internet privacy,Android (operating system),Computer science,Computer security,Covert channel,Raw data,Trojan,Mobile banking,Malware
Conference
9603
ISSN
Citations 
PageRank 
0302-9743
0
0.34
References 
Authors
0
3
Name
Order
Citations
PageRank
Alberto Coletta100.34
Victor van der Veen229911.53
Federico Maggi352437.68