Cryptojacking applications pose a serious threat to mobile devices.
Due to the extensive computations, they deplete the battery fast
and can even damage the device. In this work we make a step
towards combating this threat. We collected and manually verified
a large dataset of Android mining apps. In this paper, we analyze
the gathered miners and identify how they work, which libraries and
APIs are most popular for facilitating their development,
and which static features are typical for this class of applications.
Further, we analyzed our dataset using VirusTotal. The majority
of our samples are considered malicious by at least one VirusTotal
scanner, but 16 apps are not detected by any engine, and at least 5
APKs had not previously been seen by the service.
Mining code could be obfuscated or fetched at runtime, and there
are many confusing miner-related apps that actually do not mine.
Thus, static features alone are not sufficient for miner detection. We
have collected a feature set of dynamic metrics both for miners and
unrelated benign apps, and built a machine learning-based tool for
dynamic detection. Our BrenntDroid tool is able to detect miners
with 95% accuracy on our dataset.
Disciplines:
Computer science
Author, co-author:
DASHEVSKYI, Stanislav ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Zhauniarovich, Yury
GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
PILGUN, Aleksandr ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Mauw
OUHSSAIN, Hamza ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors:
yes
Document language:
English
Title:
Dissecting Android Cryptocurrency Miners
Publication date:
March 2020
Event name:
Tenth ACM Conference on Data and Application Security and Privacy
Event date:
from 16-03-2020 to 18-03-2020
Event scope:
International
Main work title:
CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, New Orleans LA USA, March 2020