Thanks to a new algorithm developed by a team of academics, the Google Play Store screens and shelves 813 worm-disguised Android apps. Scholars from New York University, Cornell College of Technology, and Norton LifeLock are reported to have conducted an in-depth analysis of the worm software. In a newly published study, the team revealed more details behind the scenes.
(From: Semantic Scholar / Computer.org)
The worm mentioned here is a mobile app that does not have full spying or tracking capabilities. Even so, ulterior developers can use this to indirectly track, harass, defraud, or threaten users.
The team developed the CreepRank algorithm, which identifies suspected worm behavior in mobile apps, but rates each app.
For example, if an app has suspected behaviorsuchs such as extracting text messages from a device, identity spoofing in instant messaging/ SMS chat, launching a denial-of-service attack (with message bombing), hiding other apps, controlling access to other apps, and location tracking, there is a high probability that it will be spooked by the algorithm.
Even if the app itself that implements these features alone does not have full spy/tracking capabilities, it can still be abused in some form, such as by combining other apps for more intrusive behavior.
After the algorithm was developed, the team decided to use it to identify real-world threats, and found multiple worm software on anonymous data samples installed on more than 50 million Android smartphones.
This data comes from Norton LifeLock, a real device running the Norton Mobile Security App. After an in-depth analysis of the first 1000 applications, 857 worms were identified.
In the breakdown, this includes 114 spoofing apps, 80 harassment apps (including SMS Bombers), and 63 hacking tutorials.
After applying the CreepRank algorithm to the collection of data collected in 2017, 2018 and 2019, the researchers discovered a further 1095 worm applications that were installed more than a million times on display devices.
Fortunately, as early as last summer, the research team informed Google of the worm applications. Through the evaluation and intervention of Google’s own security team, the search giant cleared 813 offending apps in the Play Store.
Through this collaboration, Norton LifeLock verified the validity of the CreepRank algorithm, leading the company to make a commitment to incorporate new technologies into mobile anti-virus products.