data mining

A few months ago, we reported that Alligator helped us detect an unknown GPS-leaking adware no vendor had yet spotted: Adware/Geyser!Android. The number has now increased with the discovery of Riskware/Zdchical!Android and Riskware/SmsCred!Android. The former leaks the IMEI and IMSI to a remote server; the latter leaks login/password credentials in cleartext. While those samples are not of the most malignant form - they pose security threats but not with a clear malicious intent - we are happy to improve our surveillance techniques on Android marketplaces...
by Axelle Apvrille  |  Nov 14, 2013  |  Filed in: Security Research
Over the last few months, we have been using and tuning a data mining engine developed by researchers at Telecom ParisTech. The tool is named Alligator, mostly because we believe alligators are hungry animals :) (and a little because this means "AnaLyzing maLware wIth partitioninG and probAbiliTy-based algORithms"). Integrated into our own crawling, property extraction and reporting architecture, the engine helps us spot suspicious packages among the huge load of Android applications. Recently, as we were tuning our framework, Alligator reported a...
by Axelle Apvrille  |  Aug 02, 2013  |  Filed in: Security Research