RESUMO
As the COVID-19 pandemic emerged in early 2020, a number of malicious actors have started capitalizing the topic. Although a few media reports mentioned the existence of coronavirus-themed mobile malware, the research community lacks the understanding of the landscape of the coronavirus-themed mobile malware. In this paper, we present the first systematic study of coronavirus-themed Android malware. We first make efforts to create a daily growing COVID-19 themed mobile app dataset, which contains 4,322 COVID-19 themed apk samples (2,500 unique apps) and 611 potential malware samples (370 unique malicious apps) by the time of mid-November, 2020. We then present an analysis of them from multiple perspectives including trends and statistics, installation methods, malicious behaviors and malicious actors behind them. We observe that the COVID-19 themed apps as well as malicious ones began to flourish almost as soon as the pandemic broke out worldwide. Most malicious apps are camouflaged as benign apps using the same app identifiers (e.g., app name, package name and app icon). Their main purposes are either stealing users' private information or making profit by using tricks like phishing and extortion. Furthermore, only a quarter of the COVID-19 malware creators are habitual developers who have been active for a long time, while 75% of them are newcomers in this pandemic. The malicious developers are mainly located in the US, mostly targeting countries including English-speaking countries, China, Arabic countries and Europe. To facilitate future research, we have publicly released all the well-labelled COVID-19 themed apps (and malware) to the research community. Till now, over 30 research institutes around the world have requested our dataset for COVID-19 themed research.
RESUMO
Spoofing can seriously threaten the use of the Global Positioning System (GPS) in critical applications such as positioning and navigation of autonomous vehicles. Research into spoofing generation will contribute to assessment of the threat of possible spoofing attacks and help in the development of anti-spoofing methods. However, the recent commercial off-the-shelf (COTS) spoofing generators are expensive and the technology implementation is complicated. To address the above problem and promote the GPS safety-critical applications, a spoofing generator using a vector tracking-based software-defined receiver is proposed in this contribution. The spoofing generator aims to modify the raw signals by cancelling the actual signal component and adding the spoofing signal component. The connections between the spreading code and carrier, and the states of the victim receiver are established through vector tracking. The actual signal can be predicted effectively, and the spoofing signal will be generated with the spoofing trajectory at the same time. The experimental test results show that the spoofing attack signal can effectively mislead the victim receiver to the designed trajectory. Neither the tracking channels nor the positioning observations have abnormal changes during this processing period. The recent anti-spoofing methods cannot detect this internal spoofing easily. The proposed spoofing generator can cover all open-sky satellites with a high quality of concealment. With the superiority of programmability and diversity, it is believed that the proposed method based on an open source software-defined receiver has a great value for anti-spoofing research of different GNSS signals.
RESUMO
The success of graph neural networks stimulates the prosperity of graph mining and the corresponding downstream tasks including graph anomaly detection (GAD). However, it has been explored that those graph mining methods are vulnerable to structural manipulations on relational data. That is, the attacker can maliciously perturb the graph structures to assist the target nodes in evading anomaly detection. In this article, we explore the structural vulnerability of two typical GAD systems: unsupervised FeXtra-based GAD and supervised graph convolutional network (GCN)-based GAD. Specifically, structural poisoning attacks against GAD are formulated as complex bi-level optimization problems. Our first major contribution is then to transform the bi-level problem into one-level leveraging different regression methods. Furthermore, we propose a new way of utilizing gradient information to optimize the one-level optimization problem in the discrete domain. Comprehensive experiments demonstrate the effectiveness of our proposed attack algorithm BinarizedAttack .