Detecting Ad and Voice Phishing Fraud Abusing Android Apps
Mobile ad fraud and voice phishing have been proliferating by abusing benign Android apps. For instance, the number of annual voice phishing victims had risen to 34,527 in 2020, representing financial losses of approximately 598 million USD. Also, the total losses due to ad fraud amount to approximately 9-20% of the annual mobile ad market budget.
In this talk, I will present our study on detecting mobile ad fraud that involves abusive mobile ad SDKs. We focused on identifying fraudulent activities that originate without user interaction by connecting multiple fragmented stack traces, thus generating the causal relationships between user inputs and the observed ad fraud activity. Among 48,172 Play apps, we identified 74 apps responsible for 34,453 ad fraud activities, demonstrating a new ad fraud trend of abusing mobile ad SDKs.
I will then introduce our recent study on voice phishing abusing Android apps. We analyzed 1,017 voice phishing apps and revealed new phishing functionalities: outgoing call redirection, call screen overlay, and fake call voice. I will share our finding that call redirection, which changes the intended recipients of victims’ outgoing calls, played a critical role in facilitating voice phishing. I will then propose and discuss HearMeOut, an Android system-level service that detects phishing behaviors at runtime and blocks the detected behaviors.
Sooel Son is an associate professor at KAIST School of Computing and Graduate School of Information Security. He received his Computer Science Ph.D. from The University of Texas at Austin. His research focuses on web security and privacy problems. He is interested in analyzing web applications, finding web vulnerabilities, implementing new systems to find such vulnerabilities, and attacking machine learning services.