Dissecting Android Cryptocurrency Miners

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. I...

Bibliographic details
Published in: arXiv.org 2020-02
Main authors: Dashevskyi, Stanislav, Zhauniarovich, Yury, Gadyatskaya, Olga, Pilgun, Aleksandr, Hamza Ouhssain
Format: Article
Language: eng
Subjects:
Online access: Full text
container_title arXiv.org
creator Dashevskyi, Stanislav
Zhauniarovich, Yury
Gadyatskaya, Olga
Pilgun, Aleksandr
Hamza Ouhssain
description Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. In this paper, we analyze the gathered miners and identify how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. Further, we analyzed our dataset using VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service. Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection. We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our BrenntDroid tool is able to detect miners with 95% of accuracy on our dataset. This preprint is a technical report accompanying the paper "Dissecting Android Cryptocurrency Miners" published in ACM CODASPY 2020.
doi_str_mv 10.48550/arxiv.1905.02602
format Article
publisher Ithaca: Cornell University Library, arXiv.org
date 2020-02-24
rights 2020. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
backlink https://doi.org/10.48550/arXiv.1905.02602 (View paper in arXiv)
backlink https://doi.org/10.1145/3374664.3375724 (View published paper; access to full text may be restricted)
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2020-02
issn 2331-8422
language eng
recordid cdi_arxiv_primary_1905_02602
source arXiv.org; Free E- Journals
subjects Applications programs
Computer Science - Cryptography and Security
Datasets
Electronic devices
Machine learning
title Dissecting Android Cryptocurrency Miners
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T20%3A36%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Dissecting%20Android%20Cryptocurrency%20Miners&rft.jtitle=arXiv.org&rft.au=Dashevskyi,%20Stanislav&rft.date=2020-02-24&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.1905.02602&rft_dat=%3Cproquest_arxiv%3E2222314522%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2222314522&rft_id=info:pmid/&rfr_iscdi=true