Unscrambling Tencent Security's semi-annual report: how users become the black industry's gold diggers
"they are trapped, and money can't be raised."
"it's over, so is mine."
Xiaozhi and his classmates were wide-eyed. They had wanted to earn some pocket money by doing small tasks in their spare time; they never expected society to be so full of tricks.
Download the app, register, try it out, and then collect a cash reward. It beats sitting idle, after all. According to Xiaozhi, many students around him are doing this "part-time job". Recently, however, several platforms have run into problems such as being unable to withdraw cash and frozen balances, so fewer and fewer people are still doing it.
What Xiaozhi does not realize is that behind his "part-time job" lies a complete black industry chain. Criminals use people like him to fake install volumes and defraud app developers of their promotion budgets at very low cost. There have already been many public reports of messages luring students and members of mothers' groups into volume brushing, with pitches such as "play every day and make money".
In fact, this is only the tip of the iceberg of the Internet black industry. As technology iterates, the attack methods of cyber criminals keep being refreshed and the number of industries under attack keeps growing, so the Internet security environment faces severe challenges.
Beware of turning into a "gold digger"
"What Xiaozhi encountered is the more common kind of app volume brushing. Before this crowdsourced manual brushing model, criminals mostly relied on machine brushing: using emulators to impersonate real users, or wiring large numbers of devices together for group control." A network security expert told Xiong Chumo that "volume brushing grew out of the promotion needs of app developers. To get their applications installed on more users' devices, developers look for promotion channels and pay for them." Driven by profit, some promoters started the brushing business. According to people familiar with the matter, it is not impossible for a large brushing agent to earn millions a month. But because manual operation is inefficient, many "smart" black industry teams began looking for new approaches.
The report released by Tencent Security points out that a number of Trojan-based automatic brushing platforms appeared on the market this year. A Trojan SDK is implanted, through partnership arrangements, into applications that users genuinely need; the platform's cloud control system then pushes tasks to the users' devices, which perform the brushing operations automatically.
This is a typical black industry chain. The report also lists three other types of mobile-side black industry: "secret words", advertising traffic monetization and application distribution.
"these Internet black products have brought huge losses to users and software developers." According to the comparison of the eight types of viruses in the first half of 2018 according to Tencent housekeeper statistics, tariff consumption and malicious deduction accounted for 60.55% in total, privacy acquisition accounted for 20.4%, and the rest included rogue behavior, deception and fraud, system destruction, etc
generally speaking, there are two aspects of infringement at the level of ordinary users - property and privacy security. In terms of property, such as withholding phone charges, data shows that more than 2200 virus variants are added to the Internet every day, affecting millions of users every day
the industry unanimously calls these malicious applications "gold digging machines", which are mostly disguised as pornographic games, chat, dating and other applications to tempt users to download and install, and then start robbing users' phone bills. According to the estimation of per capita consumption of dozens of yuan, tens of millions of huge profits can be made in a day. Tencent security anti fraud laboratory observed that the impact of these malware has shown a growth momentum recently
another is privacy security. There is a saying in the upper stream, "you and I are transparent people under the Internet", which is a description of the current situation of user privacy security. For example, a gambling text message that has made many Apple users head, a person familiar with the matter said that it is very likely that your personal information has been sold on the black market
nowadays, intelligence has become one of the indispensable tools for people's life and work. With the continuous progress of China's "Internet +" process, the connection between public utilities and the Internet is becoming closer and closer, such as mobile medical services, social security services, electronic ID cards, electronic driver's licenses, etc. if these sensitive data are not well protected, your hands will really become "grenades" as the film says
Malware that keeps upgrading and iterating
Property and privacy being at risk is bad enough. Tencent Security also points out that since 2018 these malicious applications have become more hidden, more widespread and more difficult to resist.
First, the black industry has adopted packing (app hardening) schemes as its own umbrella. Through analysis of virus samples, Tencent Security's anti-fraud laboratory found that the proportion of samples using packing technology shows a clear upward trend, especially in the categories where the confrontation with security software is most intense, such as social engineering fraud, malicious advertising, pornography and extortion.
According to professionals, packing technology was originally developed to protect an application's core source code from theft. As virus detection improved, however, more and more viruses began to adopt packing to hide their malicious code from security software.
Second, the technology used by the black industry keeps iterating. According to the report, cloud loading is currently the most effective means for malware developers to evade security software.
The report says that as developers gained a deep understanding of the Android system architecture and dynamic loading technology, various code hot-update schemes and plug-in frameworks were invented and released free of charge, which provided the technical basis for developers to carry out cloud-controlled malicious behavior.
Cloud loading technology is currently at version 3.0. With this version of the framework, virus developers can not only restrict which user groups are infected by region, operator, model, device and other dimensions, but also strip the malicious code out entirely using virtual loading technology such as VA, then load and extend various malicious functions on demand through a clean "white" framework. It is difficult for ordinary security vendors to capture the virus's malicious behavior.
Finally, the black industry has begun to target the weak links of the supply chain.
Whether it is infiltration of the upstream development environment or malicious applications injected at the downstream distribution link, the result is stronger concealment, longer dormancy and harder cleanup. In April this year, Tencent Security's TRP-AI anti-virus engine captured an SDK called "parasitic push" that maliciously pushed advertising; it had infected more than 300 well-known applications with more than 20 million potentially affected users.
It is also worth noting that, with the growing popularity of blockchain and digital currency, the focus of Internet Trojans has begun to shift in that direction. Combined with the steadily improving performance of mobile devices, many gangs have recently tried to use mobile platforms to mine digital currency.
For example, HiddenMiner lurks in third-party application markets to lure users into downloading it, then hijacks users' devices to mine Monero; another example is the repeated discovery of applications containing mining code in the official Google Play store. Perhaps one day the phones in our hands will become the "zombies" of the black industry.
As on mobile, the black industry on the PC side is also a problem. The WannaCry ransomware, which broke out in May last year, extorts bitcoin: it encrypts the files on an infected computer, and users must pay $300 worth of bitcoin to unlock them.
From university teaching networks to police station public security networks to telecom operators, statistics show that more than 200,000 computers in more than 150 countries were attacked. That is why WannaCry became a joint target of law enforcement agencies and security vendors.
Unlike the indiscriminate spreading tactics of the past, today "the targeting of ransomware attacks is becoming more precise: they can accurately hit the high-value targets most likely to pay the ransom."
Many attackers use system vulnerabilities or phishing emails to break into enterprise internal networks, then select high-value data for extortion. As a result, in the first half of 2018 many computer systems belonging to high-value targets such as educational institutions, medical institutions, import and export trading enterprises and manufacturers were attacked.
Let the sun shine into the dark corners
The black industry is so rampant; are users simply left to be slaughtered? Is there nothing they can do? The answer, of course, is no.
For the judiciary, it is urgent to strengthen the crackdown on the black industry and raise the cost of crime for criminals. Some data show that the Internet black industry has become a worldwide problem, and in developed countries such as the United States and Britain the rate of cybercrime has already surpassed that of traditional crime.
The relevant departments in China have paid close attention to this. At the beginning of this year, the Ministry of Public Security, the Supreme People's Procuratorate, the Supreme People's Court, the Ministry of Industry and Information Technology and other departments jointly held the 2018 Guardian Plan conference, announcing that they would adopt a joint governance model to combat the Internet black industry and jointly build a "network security community".
Recently, CCTV's "Live Room" program reported that the Weifang Qingzhou public security organ, together with Tencent PC Manager and the Tencent Guardian Plan security team, successfully cracked a major case of illegal control of computer information systems. The suspect in the case used a Trojan virus to control the computers of 3.89 million users for silent mining.
According to the Tencent security team, the Trojan was mainly implanted in "eat chicken" game cheats, a modified version of Dolphin Accelerator, and the VIP program of a high-imitation pirated video site, "Kuyi Film and Television Bar", among others, and was spread through Tieba alliances, forums, download sites, cloud drives and other channels.
This leads to the second backbone of the cleanup work: the network security institutions in the market, which must also keep working. The in-depth cooperation between the TRP-AI anti-virus engine of the Tencent security team and Meizu Flyme 7 is a representative case.
With the TRP-AI anti-virus engine integrated, the system's ability to detect new viruses increased by 8.3%. In early April this year, it captured a malicious Trojan named "bank holiday ATM", which disguised itself as a normal payment plug-in and caused tariff losses and privacy leaks without the user's knowledge.
Finally, from a personal perspective, each of us should raise our awareness of prevention in daily life, and not, like Xiaozhi from the brushing story at the beginning, feed an unhealthy trend for the sake of petty profit. The most typical case is the "wool party" (freebie hunters). Internet enterprises are most vulnerable to the wool party when running promotional campaigns, and the false prosperity created by wool party accounts also causes no small losses to the enterprises concerned.
As Xiong Chumo noted in "Investigating the public Wi-Fi monetization industry chain: behind the free ride, your wool is quietly collected", free things are the most expensive, and the most common freebies have a complete industry chain behind them. So, do you still think you are "picking up" free "wool"?