Detection of malicious mobile apps
First Claim
1. A computer-implemented method comprising:
- creating a plurality of software development kit (SDK) class tree structures of a plurality of malicious SDKs, the SDK class tree structures comprising a plurality of nodes that each represents a class of a corresponding malicious SDK and indicates a class feature of the corresponding malicious SDK that is used in execution of a target mobile app created or repackaged using the corresponding malicious SDK;
- receiving a mobile app;
- creating an app class tree structure of the mobile app, the app class tree structure comprising a plurality of nodes that each represents a class of the mobile app and indicates a class feature of the mobile app that is used in execution of the mobile app;
- comparing the app class tree structure against the plurality of SDK class tree structures to find an SDK class tree structure that matches the app class tree structure;
- detecting that the mobile app has been created or repackaged using at least one of the plurality of malicious SDKs based on comparing the app class tree structure against the plurality of SDK class tree structures; and
- performing a security action in response to detecting that the mobile app has been created or repackaged using the at least one of the plurality of malicious SDKs.
Abstract
Software development kit (SDK) class tree structures of malicious SDKs are created, with each node of the SDK class tree structures representing a class of a corresponding malicious SDK. An app class tree structure of a mobile app is also created, with each node of the app class tree structure representing a class of the mobile app. To determine if the mobile app has been created (e.g., repackaged or originally created) using at least one of the malicious SDKs, the app class tree structure is compared against the SDK class tree structures to find an SDK class tree structure that matches the app class tree structure. For confirmation, the similarity of classes of the app class tree structure relative to classes of the SDK class tree structure can be determined.
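The comparison described in the abstract, as an added Python example that is not taken from the patent. It assumes the tree is built from dotted package and class names, that the "class feature" is the Android base type each class extends, that a "match" means the SDK tree's shape occurs inside the app tree regardless of names, and that confirmation is a feature-similarity score with a hypothetical threshold of 0.8; all sample data is constructed.

```python
from collections import Counter

def build_tree(classes):
    """{dotted class name: feature label} -> nested package/class tree."""
    root = {"feature": None, "children": {}}
    for name, feature in classes.items():
        node = root
        for part in name.split("."):
            node = node["children"].setdefault(part, {"feature": None, "children": {}})
        node["feature"] = feature
    return root

def walk(node):
    yield node
    for child in node["children"].values():
        yield from walk(child)

def shape(node):
    """Name-independent form, so renamed packages and classes still match."""
    return tuple(sorted(shape(c) for c in node["children"].values()))

def package_root(tree):
    """Skip the single-child prefix (e.g. 'com') down to the first branching node."""
    while tree["feature"] is None and len(tree["children"]) == 1:
        tree = next(iter(tree["children"].values()))
    return tree

def similarity(a, b):
    """Confirmation step (assumed metric): multiset Jaccard over class features."""
    fa = Counter(n["feature"] for n in walk(a) if n["feature"])
    fb = Counter(n["feature"] for n in walk(b) if n["feature"])
    union = sum((fa | fb).values())
    return sum((fa & fb).values()) / union if union else 0.0

def detect(app_classes, sdk_db, threshold=0.8):
    """Return (sdk name, score) for each SDK tree found and confirmed in the app."""
    app, hits = build_tree(app_classes), []
    for name, sdk_classes in sdk_db.items():
        sdk = package_root(build_tree(sdk_classes))
        scores = [similarity(n, sdk) for n in walk(app) if shape(n) == shape(sdk)]
        if scores and max(scores) >= threshold:
            hits.append((name, max(scores)))
    return hits

# Constructed sample data (not from the patent).
SDK_DB = {"constructed-sdk": {"com.badsdk.core.Loader": "Service", "com.badsdk.core.Cfg": "Object",
                              "com.badsdk.ui.Popup": "Activity", "com.badsdk.net.Beacon": "BroadcastReceiver"}}
REPACKAGED = {"com.game.Main": "Activity", "com.game.util.Score": "Object", "a.b.x.p": "Service",
              "a.b.x.q": "Object", "a.b.y.r": "Activity", "a.b.z.s": "BroadcastReceiver"}
LOOKALIKE = {"com.game.Main": "Activity", "org.lib.m.A": "Object", "org.lib.m.B": "Object",
             "org.lib.n.C": "Object", "org.lib.o.D": "Object"}
```

`REPACKAGED` carries the SDK under renamed packages and is flagged; `LOOKALIKE` has a benign library with the same shape, which the confirmation step rejects.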
12 Claims
1. A computer-implemented method comprising:
- creating a plurality of software development kit (SDK) class tree structures of a plurality of malicious SDKs, the SDK class tree structures comprising a plurality of nodes that each represents a class of a corresponding malicious SDK and indicates a class feature of the corresponding malicious SDK that is used in execution of a target mobile app created or repackaged using the corresponding malicious SDK;
- receiving a mobile app;
- creating an app class tree structure of the mobile app, the app class tree structure comprising a plurality of nodes that each represents a class of the mobile app and indicates a class feature of the mobile app that is used in execution of the mobile app;
- comparing the app class tree structure against the plurality of SDK class tree structures to find an SDK class tree structure that matches the app class tree structure;
- detecting that the mobile app has been created or repackaged using at least one of the plurality of malicious SDKs based on comparing the app class tree structure against the plurality of SDK class tree structures; and
- performing a security action in response to detecting that the mobile app has been created or repackaged using the at least one of the plurality of malicious SDKs.

Dependent claims: 2, 3, 4, 5
6. A computer system comprising:
- a processor; and
- a memory, the memory comprising instructions that when executed by the processor causes the computer system to perform the steps of;
- receiving a mobile app;
- creating an app class tree structure of the mobile app, the app class tree structure representing a hierarchical tree structure of classes of the mobile app, the app class tree structure comprising a plurality of nodes that each represents a class of the mobile app and indicates a class feature of the mobile app that is employed in execution of the mobile app;
- comparing the app class tree structure of the mobile app to a software development kit (SDK) class tree structure of a malicious SDK, the SDK class tree structure representing a hierarchical tree structure of classes of the malicious SDK, the SDK class tree structure comprising a plurality of nodes that each represents a class of the malicious SDK and indicates a class feature of the malicious SDK that is employed in execution of a target mobile app created or repackaged using the malicious SDK;
- detecting that the mobile app is a malicious mobile app that has been created or repackaged using the malicious SDK when the app class tree structure matches the SDK class tree structure; and
- performing a security action in response to detecting that the mobile app has been created or repackaged using the malicious SDK.

Dependent claims: 7, 8, 9, 10, 11, 12
Specification