The Many Kinds of Creepware Used for Interpersonal Attacks

  title={The Many Kinds of Creepware Used for Interpersonal Attacks},
  author={Kevin A. Roundy and Paula Barmaimon Mendelberg and Nicola Dell and Damon McCoy and Daniel N. Nissani and Thomas Ristenpart and Acar Tamersoy},
  journal={2020 IEEE Symposium on Security and Privacy (SP)},
Technology increasingly facilitates interpersonal attacks such as stalking, abuse, and other forms of harassment. While prior studies have examined the ecosystem of software designed for stalking, there exists an unstudied, larger landscape of apps—what we call creepware—used for interpersonal attacks. In this paper, we initiate a study of creepware using access to a dataset detailing the mobile apps installed on over 50 million Android devices. We develop a new algorithm, CreepRank, that uses… 

Analyzing the Monetization Ecosystem of Stalkerware

This analysis of the code base of 6,432 applications collected by the Coalition Against Stalkerware finds that the heterogeneity of markets and payment processors means that while point solutions can have impact on monetization, a multi-pronged solution involving multiple stakeholders is necessary to mitigate the financial incentive for developing stalkerware.

Lifting The Grey Curtain: A First Look at the Ecosystem of CULPRITWARE

The investigation shows that the majority of CULPRITWARE are propagated through social media rather than the official app markets, and most CUL PRITWARE indirectly rely on the covert fourth-party payment services to transfer the profits.

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

This work argues that existing security, privacy, and antiabuse protections fail to address the growing threat of online hate and harassment, and proposes a taxonomy of seven classes of attacks that each stem from different attacker capabilities and intents.

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps

An in-depth technical analysis of 14 distinct leading mobile spyware apps targeting Android phones is performed, documenting the range of mechanisms used to monitor user activity of various kinds and identifying a range of failings on the part of spyware vendors.

One Size Does not Fit All: Quantifying the Risk of Malicious App Encounters for Different Android User Profiles

This work performs a large-scale quantitative analysis of the risk of encountering malware and other potentially unwanted applications (PUA) across user communities using a dataset of app installation logs collected from 12M Android mobile devices to demonstrate the inadequacy of one-size-fits-all protection.

Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality

The results suggest that users base their trust on the look and feel of the app, the number and type of alerts, and the apps’ affordances, and that app capabilities do not correspond to the users’ perceptions and expectations, impacting their practical effectiveness.

How Did That Get In My Phone? Unwanted App Distribution on Android Devices

An analysis of the who-installs-who relationships between installers and child apps reveals that the Play market is the main app distribution vector, responsible for 87% of all installs and 67% of unwanted app installs, but it also has the best defenses against unwanted apps.

"We Even Borrowed Money From Our Neighbor"

A qualitative analysis of the dynamics of mobile-based fraud in Pakistan, including addressing the vulnerabilities discovered in the ecosystem, utilizing existing actors to mitigate the consequences of these attacks, and realigning the design of fraud reporting mechanisms with the sociocultural practices is presented.

Anti-Privacy and Anti-Security Advice on TikTok: Case Studies of Technology-Enabled Surveillance and Control in Intimate Partner and Parent-Child Relationships

Modern technologies including smartphones, AirTags, and tracking apps enable surveillance and control in interpersonal relationships. In this work, we study videos posted on TikTok that give advice

Detecting iPhone Security Compromise in Simulated Stalking Scenarios: Strategies and Obstacles

It was found that participants could readily delete an app and search in iOS settings or the home screen, but they were generally unable to identify or turn off location sharing in Google Maps or determine whether the iCloud account was improperly accessed.



“A Stalker's Paradise”: How Intimate Partner Abusers Exploit Technology

It is shown how the sociotechnical and relational factors that characterize IPV make such attacks both extremely damaging to victims and challenging to counteract, in part because they undermine the predominant threat models under which systems have been designed.

When Governments Hack Opponents: A Look at Actors and Technology

An extensive collection of suspicious files and links targeting activists, opposition members, and nongovernmental organizations in the Middle East over the past several years are analyzed, finding that these artifacts reflect efforts to attack targets' devices for the purposes of eavesdropping, stealing information, and/or unmasking anonymous users.

To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild

This work is the first large-scale systematic study of RAT use of DarkComet, a popular commercial RAT, and monitors a sample's behavior in the system to reconstruct the sequence of operator actions, giving a unique view into operator behavior.

Taming Information-Stealing Smartphone Applications (on Android)

A system called TISSA is developed that implements a new privacy mode in smartphones that can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application.

Guilt by association: large scale malware detection by mining file-relation graphs

AESOP is presented, a scalable algorithm that identifies malicious executable files by applying Aesop's moral that "a man is known by the company he keeps" to identify close relationships between files that often appear together on machines.

Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services

This work performs the first systematic study of PUP prevalence and its distribution through pay-perinstall (PPI) services, finding that over half (54%) of the examined hosts have PUP installed and that PUP distribution is largely disjoint from malware distribution.

Want to Earn a Few Extra Bucks? A First Look at Money-Making Apps

This study proposes a semi-automated approach aiming to harvest money-making apps from Google Play and alternative app markets, creates a taxonomy to classify them into five categories, and performs an empirical study from different aspects.

A Look at Targeted Attacks Through the Lense of an NGO

It is found that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs.

The Spyware Used in Intimate Partner Violence

This work designs, implements, and evaluates a measurement pipeline that combines web and app store crawling with machine learning to find and label apps that are potentially dangerous in IPS contexts, and identifies several hundred IPS-relevant apps.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket

DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.