An Empirical Study of Android APK Distribution Sites Using Headless Browser with Navigation Scripting Ruo Ando Network Security Institute, National Institute of Information and Communication Technology CSS2015 ココココココココココココココココココ 2015-10-21 16:15-17:35
13
Embed
An Empirical Study of Android APK Distribution Sites Using Headless Browser with Navigation Scripting
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
An Empirical Study of Android APK Distribution Sites Using Headless Browser with Navigation Scripting
Ruo Ando Network Security Institute, National Institute of Information and Communication Technology
Background 2: growing ecosystem of APK distribution sitesゼロデイマーケット
マルウェアマーケット
攻撃者
ボットネットマーケット
指令サーバ ボットネット
スキャンと侵入 悪意のあるサイト
情報摂取
スパムDDOS攻撃サービス停止
株式詐欺悪徳商法・広告
フィッシング
リダイレクト攻撃したサイトをボット化 脆弱性利用販売
レンタル
Androidアプリケーション
メールの転売
SNS Facebook
SNS Twitter ツイキャス等
アプリをダウンロード・利用させる情報収集サーバアプリの開発販売?
情報収集
Headless Browser を用いた APK クローラの高粒度化①Navigation scripting with JavaScript enables more interactive web page crawling in order to fetch the results after dynamic web page loading. In experiment, we have measured reasonable response time for fetching files with scriptable API.
void WebPage::qt_static_metacall(QObject *_o, QMetaObject::Call _c, int _id, void **_a){ switch (_id) { case 0: _t->initialized(); break; case 31: _t->sendEvent((*reinterpret_cast< const QString(*)>(_a[1])),(*reinterpret_cast< const QVariant(*)>(_a[2])),(*reinterpret_cast< const QVariant(*)>(_a[3])),(*reinterpret_cast< const QString(*)>(_a[4])),(*reinterpret_cast< const QVariant(*)>(_a[5]))); break;
* - eventType: "keypress", "keyup" or "keydown" (default: "keypress")
#4 0x000000000041b603 in WebPage::sendEvent (this=0x2cd5370, type=...,arg1=..., arg2=..., mouseButton=..., modifierArg=...) at webpage.cpp:1449#5 0x000000000041b7a2 in WebPage::sendEvent (this=0x2cd5370, type=...,arg1=..., arg2=..., mouseButton=..., modifierArg=...) at webpage.cpp:1465#6 0x0000000000467c4f in WebPage::qt_static_metacall (_o=0x2cd5370, _c=QMetaObject::InvokeMetaMethod, _id=33, _a=0x7fffffffd9f0) at moc_webpage.cpp:265#7 0x00000000004687d6 in WebPage::qt_metacall (this=0x2cd5370, _c=QMetaObject::InvokeMetaMethod, _id=33, _a=0x7fffffffd9f0) at moc_webpage.cpp:361#8 0x0000000000543b9f in JSC::Bindings::QtRuntimeMetaMethod::call(JSC::ExecState*) ()