Costly freeware: a systematic analysis of abuse in download portals

Rivera, Richard; Kotzias, Platon; Sudhodanan, Avinash; Caballero, Juan

doi:10.1049/iet-ifs.2017.0585

Cited by 7 publications

(4 citation statements)

References 11 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the use of digital signatures in malware is not a growing trend [6], [7], there are documented cases of signed malware samples in the wild (such as Stuxnet [8], Duqu, or Flame, to name a few). Malware developers use trusted certificates that were either compromised or issued directly to them to sign their software.…”

Section: Comité Ejecutivomentioning

confidence: 99%

A Review of “On Challenges in Verifying Trusted Executable Files in Memory Forensics”

Uroz¹,

Rodríguez²

2021

Investigación en Ciberseguridad

View full text Add to dashboard Cite

show abstract

Section: Comité Ejecutivomentioning

confidence: 99%

A Review of “On Challenges in Verifying Trusted Executable Files in Memory Forensics”

Uroz¹,

Rodríguez²

2021

Investigación en Ciberseguridad

View full text Add to dashboard Cite

show abstract

“…In comparison, our work measures malware distribution via multiple channels like the Play market store, alternative markets, browsers, IM, and PPI services. Prior work has analyzed Windows malware distribution through underground pay-per-install services [23], drive-by downloads [38], [58], free streaming services [59], and download portals [35], [60]. Results from these studies do not necessarily extrapolate on Android due to inherent platform differences.…”

Section: Related Workmentioning

confidence: 99%

How Did That Get In My Phone? Unwanted App Distribution on Android Devices

Kotzias¹,

Caballero²,

Bilge³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Android is the most popular operating system with billions of active devices. Unfortunately, its popularity and openness makes it attractive for unwanted apps, i.e., malware and potentially unwanted programs (PUP). In Android, app installations typically happen via the official and alternative markets, but also via other smaller and less understood alternative distribution vectors such as Web downloads, pay-per-install (PPI) services, backup restoration, bloatware, and IM tools. This work performs a thorough investigation on unwanted app distribution by quantifying and comparing distribution through different vectors. At the core of our measurements are reputation logs of a large security vendor, which include 7.9M apps observed in 12M devices between June and September 2019. As a first step, we measure that between 10% and 24% of users devices encounter at least one unwanted app, and compare the prevalence of malware and PUP. An analysis of the who-installs-who relationships between installers and child apps reveals that the Play market is the main app distribution vector, responsible for 87% of all installs and 67% of unwanted app installs, but it also has the best defenses against unwanted apps. Alternative markets distribute instead 5.7% of all apps, but over 10% of unwanted apps. Bloatware is also a significant unwanted app distribution vector with 6% of those installs. And, backup restoration is an unintentional distribution vector that may even allow unwanted apps to survive users' phone replacement. We estimate unwanted app distribution via PPI to be smaller than on Windows. Finally, we observe that Web downloads are rare, but provide a riskier proposition even compared to alternative markets.

show abstract

“…Geniola et al [27] collected 800 installers of promoted applications from 8 download portals, executed them in a sandbox, and found that 1.3% of those installers drop well-known PUP to the system. Rivera et al [26] measured the amount of abuse in download portals. They analyzed all Windows programs offered by 20 download portals and reported an overall ratio of PUP and malware between 8% and 26%.…”

Section: Related Workmentioning

confidence: 99%

“…Download portals are websites that index, categorize, and host programs. Prior work from security vendors [23][24][25] and academic researchers [26,27] have studied the abuse of download portals by PUP and malware. A commercial PPI service acts as an intermediary between advertisers, who want to distribute their programs, and affiliates, who own programs (typically freeware) that users want to install.…”

Section: Introductionmentioning

confidence: 99%

A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics

Kotzias¹

View full text Add to dashboard Cite

show abstract

Costly freeware: a systematic analysis of abuse in download portals

Cited by 7 publications

References 11 publications

A Review of “On Challenges in Verifying Trusted Executable Files in Memory Forensics”

A Review of “On Challenges in Verifying Trusted Executable Files in Memory Forensics”

How Did That Get In My Phone? Unwanted App Distribution on Android Devices

A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics

Contact Info

Product

Resources

About