Abstract
Rewarded advertisements are popularly used in the mobile advertising industry. In this paper, we analyze several rewarded advertisement applications to discover security weaknesses, which allow malicious users to automatically generate in-app activities for earning cash rewards on advertisement networks; we call this attack automated cash mining. To show the risk of this attack, we implemented automated cashing attacks on four popularly used Android applications (Cash Slide, Fronto, Honey Screen and Screen Stash) with rewarded advertisements through reverse engineering and demonstrated that all the tested reward apps are vulnerable to our attack implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Fiddler Extension (Requset to Code). http://www.chadsowald.com/software/fiddler-extension-request-to-code. Accessed 28 Feb 2019
Cho, G., Cho, J., Song, Y., Choi, D., Kim, H.: Combating online fraud attacks in mobile-based advertising. EURASIP J. Inf. Secur. 2016(1), 2 (2016)
Crussell, J., Stevens, R., Chen, H.: Madfraud: investigating ad fraud in android applications. In: Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (2014)
Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Security Symposium (2011)
Evans, C., Palmer, C.: Certificate pinning extension for HSTS (2011). https://tools.ietf.org/html/draft-evans-palmer-hsts-pinning-00
Immorlica, N., Jain, K., Mahdian, M., Talwar, K.: Click fraud resistant methods for learning click-through rates. In: Deng, X., Ye, Y. (eds.) WINE 2005. LNCS, vol. 3828, pp. 34–45. Springer, Heidelberg (2005). https://doi.org/10.1007/11600930_5
Acknowledgments
This work was supported in part by NRF of Korea (NRF-2017K1A3A1A17092614) and the ICT Consilience Creative support program (IITP-2019-2015-0-00742).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ji, W., Kim, T., Kim, K., Kim, H. (2019). Automated Cash Mining Attacks on Mobile Advertising Networks. In: Jang-Jaccard, J., Guo, F. (eds) Information Security and Privacy. ACISP 2019. Lecture Notes in Computer Science(), vol 11547. Springer, Cham. https://doi.org/10.1007/978-3-030-21548-4_40
Download citation
DOI: https://doi.org/10.1007/978-3-030-21548-4_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21547-7
Online ISBN: 978-3-030-21548-4
eBook Packages: Computer ScienceComputer Science (R0)