SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology)

-----------

PAPER
Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, relying on DNS sink-holing or seizing C&C infrastructure, require months of preparation and often omit the cleanup of left-over infected machines. This allows botnet operators to push updates to the bots and re-establish their control. In this paper, we expand the goal of malware takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the malware's built-in update mechanism to distribute crafted remediation payloads. Our research aims to enable this necessary but challenging remediation step after obtaining legal permission. We developed ECHO, an automated malware forensics pipeline that extracts payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. Our study of 702 Android malware shows that 523 malware can be remediated via ECHO's takedown approach, ranging from covertly warning users about malware infection to uninstalling the malware.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science, Worcester Polytechnic Institute), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)

-----------

PAPER
What's Done Is Not What's Claimed: Detecting and Interpreting Inconsistencies in App Behaviors
The widespread use of mobile apps meets user needs but also raises security concerns. Current security analysis methods often fall short in addressing user concerns as they do not parse app behavior from the user's standpoint, leading to users not fully understanding the risks within the apps and unknowingly exposing themselves to privacy breaches. On one hand, their analysis and results are usually presented at the code level, which may not be comprehensible to users. On the other hand, they neglect to account for the users' perceptions of the app behavior. In this paper, we aim to extract user-related behaviors from apps and explain them to users in a comprehensible natural language form, enabling users to perceive the gap between their expectations and the app's actual behavior, and assess the risks within the inconsistencies independently. Through experiments, our tool InconPreter is shown to effectively extract inconsistent behaviors from apps and provide accurate and reasonable explanations. InconPreter achieves an inconsistency identification precision of 94.89% on our labeled dataset, and a risk analysis accuracy of 94.56% on widely used Android malware datasets. When applied to real-world (wild) apps, InconPreter identifies 1,664 risky inconsistent behaviors from 413 apps out of 10,878 apps crawled from Google Play, including the leakage of location, SMS, and contact information, as well as unauthorized audio recording, etc., potentially affecting millions of users. Moreover, InconPreter can detect some behaviors that are not identified by previous tools, such as unauthorized location disclosure in various scenarios (e.g. taking photos, chatting, and enabling mobile hotspots, etc.). We conduct a thorough analysis of the discovered behaviors to deepen the understanding of inconsistent behaviors, thereby helping users better manage their privacy and providing insights for privacy design in further app development.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors appeared first on Security Boulevard.

-----------

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University)

-----------

PAPER
Understanding Miniapp Malware: Identification, Dissection, and Characterization
Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing but also introduced significant security risks from malicious miniapps. Despite the mandatory miniapp vetting enforced to the built-in miniapp store, the threat of evolving miniapp malware persists, engaging in a continual cat-and-mouse game with platform security measures. However, compared with traditional paradigms such as mobile and web computing, there has been a lack of miniapp malware dataset available for the community to explore, hindering the generation of crucial insights and the development of robust detection techniques. In response to this, this paper addresses the scarcely explored territory of malicious miniapp analysis, dedicating over three year to identifying, dissecting, and examining the risks posed by these miniapps, resulting in the first miniapp malware dataset now available to aid future studies to enhance the security of super app ecosystems. To build the dataset, our primary focus has been on the WeChat platform, the largest super app, hosting millions of miniapps and serving a billion users. Over an extensive period, we collected over 4.5 million miniapps, identifying a subset (19, 905) as malicious through a rigorous cross-check process: 1) applying static signatures derived from real-world cases, and 2) confirming that the miniapps were delisted and removed from the market by the platform. With these identified samples, we proceed to characterize them, focusing on their lifecycle including propagation, activation, as well as payload execution. Additionally, we analyzed the collected malware samples using real-world cases to demonstrate their practical security impact. Our findings reveal that these malware frequently target user privacy, leverage social network sharing capabilities to disseminate unauthorized services, and manipulate the advertisement-based revenue model to illicitly generate profits. These actions result in significant privacy and financial harm to both users and the platform.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization appeared first on Security Boulevard.