Dissecting Android Cryptocurrency Miners

Dashevskyi, Stanislav; Zhauniarovich, Yury; Gadyatskaya, Olga; Pilgun, Aleksandr; Ouhssain, Hamza

doi:10.1145/3374664.3375724

Reference : Dissecting Android Cryptocurrency Miners


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/45293

Title :	Dissecting Android Cryptocurrency Miners
Language :	English
Author, co-author :	Dashevskyi, Stanislav [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Zhauniarovich, Yury []
	Gadyatskaya, Olga [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Pilgun, Aleksandr [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Mauw >]
	Ouhssain, Hamza [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	Mar-2020
Main document title :	CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, New Orleans LA USA, March 2020
Publisher :	ACM
Pages :	191–202
Peer reviewed :	Yes
On invitation :	No
Audience :	International
ISBN :	978-1-4503-7107-0
City :	New York
Country :	NY
Event name :	Tenth ACM Conference on Data and Application Security and Privacy
Event date :	from 16-03-2020 to 18-03-2020
Keywords :	[en] Android ; cryptocurrency ; mining
Abstract :	[en] Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. In this paper, we analyze the gathered miners and identify how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. Further, we analyzed our dataset using VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service. Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection.We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our BrenntDroid tool is able to detect miners with 95% of accuracy on our dataset.
Name of the research project :	Combatting Context-Sensitive Mobile Malware C15/IS/10404933/COMMA
Target :	Researchers ; Professionals ; Students ; General public
Permalink :	http://hdl.handle.net/10993/45293
DOI :	10.1145/3374664.3375724
Other URL :	https://standash.github.io/android-miners-dataset/
FnR project :	FnR ; FNR11289380 > Aleksandr Pilgun > > Systematically Exploring Semantic App Models for Android > 15/11/2016 > 14/11/2020 > 2016

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	miners-preprint.pdf		Author preprint	1.33 MB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices