Measurement of the Usage of Web Clips in Underground Economy

09/07/2022
by   Qinyu Hu, et al.
0

In this paper, we study the ecosystem of the abused Web Clips in underground economy. Through this study, we find the Web Clips is wildly used by perpetrators to penetrate iOS devices to gain profit. This work starts with 1,800 user complaint documents about cyber crimes over Web Clips. We firstly look into the ecosystem of abused Web Clips and point out the main participants and workflow. In addition, what is the Web Clips used for is demystified. Then the main participants, including creators, distributors, and operators are deeply studied based on our dataset. We try to reveal the prominent features of the illicit Web Clips and give some mitigation measures. Analysis reveals that 1) SSL certificate is overwhelmingly preferred for signing Web Clips instances compared with certificate issued by Apple. The wildly used SSL certificates can be aggregated into a limited group. 2) The content of the abused Web Clips falls into a few categories, `Gambling', `Fraud', and `Pornography' are among the top categories. 3) Instant messenger (IM) and live streaming platform are the most popular medium to trick victims into deploying the Web Clips. 4) The Web Clips are operated by a small amount of perpetrators, and the perpetrators tend to evade detection by taking technical approach, such as registering domain names through oversea domain name service provider, preferring easy-to-acquire new gTLD (global Top Level Domain), and deploying anti-crawler tricks. Our study gives hints on investigation of cyber crime over Web Clips, we hope that this work can help stakeholders to stay ahead of the threat.

READ FULL TEXT

page 2

page 6

page 8

research
02/10/2021

Dot-Science Top Level Domain: academic websites or dumpsites?

Dot-science was launched in 2015 as a new academic top-level domain (TLD...
research
06/16/2023

The Use of Web Archives in Disinformation Research

In recent years, journalists and other researchers have used web archive...
research
10/24/2017

A Quantitative Analysis of WCAG 2.0 Compliance For Some Indian Web Portals

Web portals have served as an excellent medium to facilitate user centri...
research
08/21/2021

Data Correction and Evolution Analysis of the ProgrammableWeb Service Ecosystem

The evolution analysis on Web service ecosystems has become a critical p...
research
08/02/2023

A Large-Scale Study of Phishing PDF Documents

Phishing PDFs are malicious PDF documents that do not embed malware but ...
research
04/14/2022

Shedding New Light on the Language of the Dark Web

The hidden nature and the limited accessibility of the Dark Web, combine...
research
04/27/2022

The MeVer DeepFake Detection Service: Lessons Learnt from Developing and Deploying in the Wild

Enabled by recent improvements in generation methodologies, DeepFakes ha...

Please sign up or login with your details

Forgot password? Click here to reset