Abstract

WeChat mini-apps are “sub-applications” built within the WeChat platform. Unlike full-function native applications, they are streamlined, “light” versions of the apps, and enable users to open and use them inside WeChat without downloading and installation. Since being introduced by WeChat in 2017, 4.3 million WeChat mini-programs have been developed, and they attract around 410 million daily active users Up to 2021. However, motivated by financial gains, many malicious mini-app developers use some intended description and icon to mislead users to click and open their mini-apps. These mini-apps are full of annoying advertisements and collect users’ privacy information stealthily, which can expose users to privacy risks and financial losses.
 
 Although security personnel of WeChat has enforced various countermeasures to prevent malicious phishing mini-apps sneaking into WeChat, rampant malicious leading mini-apps still have been observed recently. In this paper, we present MiniWarner, a novel approach that leverages Natural Language Processing and a number of reverse engineering techniques to detect whether a mini-app is malicious and phishing when users open it. MiniWarner will only ask users whether to continue to open the malicious phishing mini-app, thus it can protect users against the intended misleading by attackers, and still preserve the original user experience. Besides, this approach is implemented as an Xposed module, making it practical to be quickly deployed on a large number of user devices. Our paper will introduce how we developed MiniWarner and the measurement results of MiniWarner in detail.

Highlights

  • In 2017, WeChat introduced a novel program paradigm named mini-apps that enable users to open and use them directly inside WeChat without downloading and installing (C. Lee, 2017)

  • We present MiniWarner, a novel approach that leverages Natural Language Processing and a number of reverse engineering techniques to detect whether a mini-app is malicious and phishing when users open it

  • To overcome the above two problems, we propose MiniWarner, a novel approach that leverages Natural Language Processing and some reverse-engineering techniques to detect whether a mini-app is malicious and phishing when users open it

Read more

Summary

Introduction

In 2017, WeChat introduced a novel program paradigm named mini-apps that enable users to open and use them directly inside WeChat without downloading and installing (C. Lee, 2017). WeChat is not an open system in which developers can only get a small amount of information (e.g. Development Guide) and use the public available APIs. To overcome the above two problems, we propose MiniWarner, a novel approach that leverages Natural Language Processing and some reverse-engineering techniques to detect whether a mini-app is malicious and phishing when users open it. We leverage Natural Language Processing technique to weigh the similarity between description and content inside a mini-app and identify it as a malicious phishing mini-app if the similarity is minuscule. To the best of our knowledge, we are the first to leverage Natural Language Processing and reverse engineering techniques to detect malicious and phishing mini-apps This new understanding can further inspire follow-up research on mobile application security. Our experimental results show that MiniWarner can recognize malicious phishing mini-app and normal mini-app with 100% and 97.6% average accuracy and takes less than 5.03 seconds to analyze a mini-app

Mini-app Architecture
Mini-app Page
Challenges and Insights
Challenges
Insights
Current Design of MiniWarner
Package Download
Content Text Extract
Malware Detect
Evaluation Setup
Parameter α Discussion
Efficiency of MiniWarner
Detection Accuracy of MiniWarner
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call