Join the phishing dots to detect suspicious mobile apps
Unifying the Global Response to Cybercrime
Join the phishing dots to detect suspicious mobile apps
Leonardo Amor & Carlos Díaz, Telefónica

Telefonica Group
21 Countries
120.000 Employees
50.377m Income
>340m Customers

Our employees
Mostly:
• Telco engineers
• Computer Science
• Engineers
• …..
• Science or Scientist people

But there is also space for:
• Lawyers
• Business administration
• Economist
• Psychologist
• Philologist

Diversity

Ideas explosion

Code!
✓ Unfortunately, not everyone knows how to code yet
✓ Fortunately, every day schools are getting that it should be one more basic class

The need for visual coding
✓ & Visual Data

Sinfonier: our open project for visual coding
Drag & Drop Interface + Automatic Deploy API + Storm Cluster = Sinfonier

Tacyt: one of our sources

| May  | 18     | 19    | 20    | 21     | 22     | 23    | 24     |
|------|--------|-------|-------|--------|--------|-------|--------|
| New  | 10.105 | 5.702 | 9.998 | 15.483 | 15.294 | 9.394 | 10.647 |
| Dead | 1.140  | 2.200 | 2.014 | 1.917  | 2.856  | 1.446 | 646    |

Up 3 Million Apps today
21.649 of them contain .apks
50.993 have links to .cn domains

One of these ideas

Laziness
or Intense work
✓ To check human errors inside apps (shared certificates, e-mails, URLs, APKs…)

DISCOVER, DISRUPT, DELIVER
It’s demo time: Tacyt + Sinfonier

Tacyt
✓ An innovative tool for the monitoring and analysis of mobile threats
✓ https://path5.elevenpaths.com/

Sinfonier
✓ Storm Builder for Security Intelligence
✓ http://sinfonier-project.net/
Reinject into the topology the new list of applications found

Ducksboard: https://goo.gl/uKnHT3
✓ A real-time dashboard
✓ https://ducksboard.com/

Data Visualization
✓ http://d3js.org/
✓ D3.js is a JavaScript library for manipulating documents based on data

Data Visualization: Data Entities
✓ http://ecrime2015.us.to:2015/zoom.html
• “key” [packageName][version][market]
  – https://play.google.com/store/apps/details?id=com.zaccur.b07.main
• GP “developerEmail”
• Embedded link that points to an “apk” file
  – http://d.guomob.com/1142/2.apk

Data Visualization: Example1
✓ http://ecrime2015.us.to:2015/example1.html
✓ GP link: https://play.google.com/store/apps/details?id=com.qfang.qfangmobile
• One developer
  – [email protected]
• One mobile application in GP
  – com.qfang.qfangmobile
• Five embedded “apk” files
  – http://down.gao7.com/Files/down/wxjx_2.2.3_C227.apk
  – http://s.51aiya.com/content/down/aiya14100234.apk
  – http://www.159cai.com/download/vip/43332/159cai_shouji.apk
  – http://shoufu.3gu.com/Run/Upload/Apk/QFangWang.apk
  – http://www.wanggouchao.com/data/apk/wgc/v2.5.6/wgc_10021.apk

Data Visualization: Example2
✓ http://ecrime2015.us.to:2015/example2.html
• Three different developers
  – [email protected]
  – [email protected]
  – [email protected]
• Four mobile applications in GP
• Three applications point to the same embedded “apk” files
  – http://update.iuoooo.com/Android/componentvoice/xfyy1.apk
  – http://update.iuoooo.com/Android/componentvoice/xfyy2.apk

Data Visualization: Example3
✓ http://ecrime2015.us.to:2015/example3.html
• Three different developers
• 7 mobile applications in GP
• 13 embedded “apk” files

Data Visualization: Example4
✓ http://ecrime2015.us.to:2015/farm.html

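The three entity types from the Data Entities slide, joined the way the example slides describe (apps from different developers pointing at the same embedded “apk” files), as an added example. It is not code from the talk, Tacyt or Sinfonier; the record layout, the function names and every sample value are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records (not data from the talk). Field names follow the
# slide's entities; the record layout itself is an assumption.
SAMPLE_APPS = [
    {"packageName": "com.example.realty", "version": "2.2.3", "market": "GP",
     "developerEmail": "dev-a@example.test",
     "links": ["http://dl.example.test/a/one.apk",
               "http://dl.example.test/a/two.apk",
               "https://www.example.test/about.html"]},
    {"packageName": "com.example.voice1", "version": "1.0", "market": "GP",
     "developerEmail": "dev-b@example.test",
     "links": ["http://update.example.test/Android/voice/xf1.apk",
               "http://update.example.test/Android/voice/xf2.apk"]},
    {"packageName": "com.example.voice2", "version": "1.1", "market": "GP",
     "developerEmail": "Dev-C@example.test",
     "links": ["http://UPDATE.example.test/Android/voice/xf1.apk",
               "http://update.example.test/Android/voice/xf2.apk"]},
    {"packageName": "com.example.voice3", "version": "3.0", "market": "GP",
     "developerEmail": "dev-d@example.test",
     "links": ["http://update.example.test/Android/voice/xf1.apk?ch=3"]},
    {"packageName": "com.example.notes", "version": "0.9", "market": "GP",
     "developerEmail": "dev-d@example.test", "links": []},
]

def app_key(rec):
    """Entity 'key' as written on the slide: [packageName][version][market]."""
    return "[{packageName}][{version}][{market}]".format(**rec)

def apk_links(links):
    """Keep http(s) links whose path ends in .apk; lowercase the host and drop
    the query string (an assumption) so the same file joins across apps."""
    found = set()
    for link in links:
        u = urlparse(link.strip())
        if u.scheme in ("http", "https") and u.path.lower().endswith(".apk"):
            found.add(f"{u.scheme}://{u.netloc.lower()}{u.path}")
    return found

def build_graph(records):
    """Undirected graph: developer <-> app <-> embedded apk link."""
    graph = defaultdict(set)
    for rec in records:
        app = ("app", app_key(rec))
        dev = ("dev", rec["developerEmail"].strip().lower())
        graph[app].add(dev)
        graph[dev].add(app)
        for url in apk_links(rec["links"]):
            graph[app].add(("apk", url))
            graph[("apk", url)].add(app)
    return graph

def clusters(graph):
    """Connected components, i.e. the 'dots' that end up joined."""
    seen, result = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node not in comp:
                comp.add(node)
                stack.extend(graph[node] - comp)
        seen |= comp
        result.append(comp)
    return result

def summarise(graph):
    """Per cluster: entity counts plus apk links reached from more than one developer."""
    rows = []
    for comp in clusters(graph):
        kinds = defaultdict(set)
        for kind, value in comp:
            kinds[kind].add(value)
        shared = sorted(url for url in kinds["apk"]
                        if len({d for app in graph[("apk", url)]
                                for d in graph[app] if d[0] == "dev"}) > 1)
        rows.append({"developers": len(kinds["dev"]), "apps": len(kinds["app"]),
                     "apks": len(kinds["apk"]), "shared_apks": shared})
    return sorted(rows, key=lambda r: -r["developers"])

if __name__ == "__main__":
    for row in summarise(build_graph(SAMPLE_APPS)):
        print(row)
```

Clusters with a non-empty `shared_apks` list are the ones an analyst would open first, since unrelated developer accounts embedding the same download link is the kind of human error the talk sets out to check.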
Analysis of a Case
✓ http://ecrime2015.us.to:2015/managementapp.html
One developer:
• [email protected]

Analysis of a Case: 12 GP applications
✓ http://ecrime2015.us.to:2015/managementapp.html
• com.giaitriviet.book.androidgp.bookaudio : 50-100
• com.giaitriviet.android.haivai : 10-50
• com.giaitriviet.androidgp.womanday : 500-1000
• com.giaitriviet.androidgp.saigon : 50-100
• com.giaitriviet.androidgp.wallpaperquotes : 5-10
• com.giaitriviet.androidgp.wallpapernaturals : 100-500
• com.giaitriviet.androidgp.vietnam : 10-50
• com.giaitriviet.androidgp.saigon1950 : 10-50
• com.giaitriviet.androidgp.masterchef : 50-100
• com.giaitriviet.androidgp.managerapplication : 1-5
• com.giaitriviet.androidgp.fallsaigon1975 : 10-50
• com.giaitriviet.android.caravat : 50-100

Analysis of a Case: Detail of embedded “apk”
✓ http://ecrime2015.us.to:2015/managementapp.html
Domain: mediafire.com
All links are up

Analysis of a Case: HotGirl & ChanDai
✓ http://ecrime2015.us.to:2015/managementapp.html
• Is a variant of a known malware family
• The app creates or modifies SMS
• Monitors phone state (incoming calls)
• Uploads the list of apps currently running to a remote server
• The app modifies shortcuts on the home screen

Data Visualization: Satellite Photo
✓ http://ecrime2015.us.to:2015/
✓ If you click this URL, your computer will most likely run out of memory

Conclusions
• This presentation is only the beginning …
• We have generated an RSS feed of embedded “apk” files …
• We have a graphical representation of the relationship between three types of entities …
• … now is the time for analysts

Community
Join us: sinfonier-project.net
@e_Sinfonier @flexpired @LeoAmorV