From ZeuS to Zitmo: Trends in Banking Malware

Etaher, Najla; Weir, George R. S.; Alazab, Mamoun

doi:10.1109/trustcom.2015.535

Cited by 44 publications

(26 citation statements)

References 12 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Actually, the strategy of used was only tested on a few APKs that are known to be malicious, unlike our paper that uses thousands of APKs. Finally, Etaher et al [15] report on the trends and development of Zeus by reviewing papers and reports about this major banking trojan. Unlike our paper, the analysis of [15] is based on literature review and not on analyzing APKs.…”

Section: Prior Workmentioning

confidence: 99%

“…Many works on banking trojans focus on the desktop or Web browser domains [12], [16], [7], which are fundamentally different to defend than a mobile environment in terms of both static [4] and dynamic [38] analysis. There are some works which do focus specifically on ABTshowever they either assume post-mortem analysis of samples already known to be ABTs (e.g., [6], [11]) or conduct surveys without proposing a detection algorithm (e.g., [15]). To the best of our knowledge, this paper proposes the first system for both detection (Section 4) and characterization of ABTs (Section 6) and analyzes recent ABTs from 2016-2017 (Section 3).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DBank: Predictive Behavioral Analysis of Recent Android Banking Trojans

Bai

Han

Mezzour

et al. 2019

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Using a novel dataset of Android banking trojans (ABTs), other Android malware, and goodware, we develop the DBank system to predict whether a given Android APK is a banking trojan or not. We introduce the novel concept of a Triadic Suspicion Graph (TSG for short) which contains three kinds of nodes: goodware, banking trojans, and API packages. We develop a novel feature space based on two classes of scores derived from TSGs: suspicion scores (SUS) and suspicion ranks (SR)-the latter yields a family of features that generalize PageRank. While TSG features (based on SUS/SR scores) provide very high predictive accuracy on their own in predicting recent (2016-2017) ABTs, we show that the combination of TSG features with previously studied lightweight static and dynamic features in the literature yields the highest accuracy in distinguishing ABTs from goodware, while preserving the same accuracy of prior feature combinations in distinguishing ABTs from other Android malware. In particular, DBank's overall accuracy in predicting whether an APK is a banking trojan or not is up to 99.9% AUC with 0.3% false positive rate. Moreover, we have already reported two unlabeled APKs from VirusTotal (which DBank has detected as ABTs) to the Google Android Security Team-in one case, we discovered it before any of the 63 anti-virus products on VirusTotal did, and in the other case, we beat 62 of 63 anti-viruses on VirusTotal. This suggests that DBank is capable of making new discoveries in the wild before other established vendors. We also show that our novel TSG features have some interesting defensive properties as they are robust to knowledge of the training set by an adversary: even if the adversary uses 90% of our training set and uses the exact TSG features that we use, it is difficult for him to infer DBank's predictions on APKs. We additionally identify the features that best separate and characterize ABTs from goodware as well as from other Android malware. Finally, we develop a detailed data-driven analysis of five major recent ABT families: FakeToken, Svpeng, Asacub, BankBot, and Marcher, and identify the features that best separate them from goodware and other malware.

show abstract

Section: Prior Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DBank: Predictive Behavioral Analysis of Recent Android Banking Trojans

Bai

Han

Mezzour

et al. 2019

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Based on the Android botnet history, Eurograbber is one of the most notable and sophisticated attacks from Zeus malware family which occurred in 2012 where it infected more than 30,000 users and stole an estimated 36 million Euros [8][9]. The attack focused on Blackberry, Symbian, and Windows users.…”

Section: Literature Reviewmentioning

confidence: 99%

Intersection Features for Android Botnet Classification

Ismail*,

Yusof,

Abdollah

et al. 2019

IJRTE

View full text Add to dashboard Cite

The evolution of the Internet of things (IoT) has made a significant impact and availed opportunities for mobile device usage on human life. Many of IoT devices will be supposedly controlled through a mobile, giving application (apps) developers great opportunities in the development of new applications. However, hackers are continuously developing malicious applications especially Android botnet to steal private information, causing financial losses and breach user privacy. This paper proposed an enhancement approach for Android botnet classification based on features selection and classification algorithms. The proposed approach used requested permissions in the Android app and API function as features to differentiate between the Android botnet apps and benign apps. The Chi Square was used to select the most significant permissions, then the classification algorithms like Naïve Bayes and Decision Tree were used to classify the Android apps as botnet or benign apps. The results showed that Decision Tree with Chi-Square feature selection achieved the highest detection accuracy of 98.6% which was higher than other classifiers.

show abstract

“…[40], [41]), DDoS (Distributed Denial of Service) attacks, spoofing, phishing, pharming, SSL/TLS attacks and so on, are considered.…”

Section: The Ahp Model For Evaluation Of Online Transaction Systemsmentioning

confidence: 99%

Comparisons of Bitcoin Cryptosystem with Other Common Internet Transaction Systems by AHP Technique

Maček¹,

Alagić²

2017

JIOS

View full text Add to dashboard Cite

This paper describes proposed methodology for evaluation of critical systems and prioritization of critical risks and assets identified in highly secured information systems. For different types of information assets or security environments it is necessary to apply different techniques and methods for their prioritization and evaluation. In this article, VECTOR matrix method for prioritization of critical assets and critical risks is explained and integrated into AHP (Analytic Hierarchy Process) technique as a set of fixed criteria for evaluation of defined alternatives. Bitcoin cryptocurrency was compared and evaluated along with other common Internet transaction systems by information security professionals according to defined VECTOR criteria. Also, the newly proposed hybrid AHP model is presented with potential case studies for future research. This article tries to discover security posture of Bitcoin cryptocurrency in the context of information security risks related to the existing most common online payment systems like e-banking, m-banking, and ecommerce.

show abstract

From ZeuS to Zitmo: Trends in Banking Malware

Cited by 44 publications

References 12 publications

DBank: Predictive Behavioral Analysis of Recent Android Banking Trojans

DBank: Predictive Behavioral Analysis of Recent Android Banking Trojans

Intersection Features for Android Botnet Classification

Comparisons of Bitcoin Cryptosystem with Other Common Internet Transaction Systems by AHP Technique

Contact Info

Product

Resources

About