Quarterly Journal of Information and Communication Technology

Detect Redirect to the Malicious Web-Sites in ANDROID Devices

Document Type : Original Research Article

Author

KAR Higher Educational Institute

10.22034/apj.2026.2079995.1061
Abstract
Background and Objectives: Website clicks that redirect Android phone users to malicious websites with fake virus warnings or phishing attacks are increasing exponentially. Although a Uniform Resource Locator (URL) blacklist is considered a suitable countermeasure for such attacks, it is difficult to efficiently identify malicious websites. To the best of our knowledge, no research has focused on detecting attacks that redirect Android phone users to malicious websites. Therefore, we propose a redirection detection method that focuses on the URL bar change interval of the Android-based Google Chrome browser.
Methods: The proposed method, which can be easily installed as an Android application, uses the Android Accessibility Service to detect unwanted redirects to malicious websites without collecting information about these websites in advance. This paper describes the design, implementation, and evaluation results of the proposed application on a real Android device. For the proposed method, we set threshold values for the number of times the URL bar changes and for the elapsed time in order to detect redirects to malicious websites.
Findings: Based on the results, we investigated the causes of false positive detections of redirects to safe websites and proposed solutions to manage them. We also present threshold values that can minimize the false positive and false negative rates, as well as the detection accuracy of the proposed method based on these threshold values. In addition, we present evaluation results based on access reports of real users participating in the WarpDrive project experiment, which show that the proposed method minimizes false positives and successfully detects most redirects to malicious websites.
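
The threshold idea described in the Methods paragraph, as an added sketch that is not the paper's own code: a sliding-window detector fed with timestamped URL bar readings, such as an Accessibility Service could supply. The threshold values, the event format, all names and the sample events are assumptions constructed for illustration; the abstract does not state the values the authors chose.

```python
from collections import deque
from dataclasses import dataclass

# Assumed thresholds (not from the paper).
MAX_CHANGES = 3    # URL bar changes tolerated inside one window
WINDOW_MS = 2000   # elapsed-time window in milliseconds

@dataclass
class Alert:
    at_ms: int
    chain: list    # URLs seen during the burst, oldest first

class RedirectDetector:
    """Flags bursts of URL bar changes from (timestamp_ms, url) readings."""
    def __init__(self, max_changes=MAX_CHANGES, window_ms=WINDOW_MS):
        self.max_changes = max_changes
        self.window_ms = window_ms
        self.recent = deque()   # changes still inside the window
        self.last_url = None

    def on_url_bar(self, ts_ms, url):
        # The same URL can be reported repeatedly while a page renders;
        # only a different URL counts as a change.
        if url == self.last_url:
            return None
        self.last_url = url
        self.recent.append((ts_ms, url))
        # Drop changes that have aged out of the window.
        while ts_ms - self.recent[0][0] > self.window_ms:
            self.recent.popleft()
        if len(self.recent) > self.max_changes:
            alert = Alert(ts_ms, [u for _, u in self.recent])
            self.recent.clear()   # report each burst once
            return alert
        return None

def scan(events, **thresholds):
    det = RedirectDetector(**thresholds)
    return [a for a in (det.on_url_bar(t, u) for t, u in events) if a]

# Constructed sample readings (reserved .example names, not real sites).
BURST = [(0, "news.example/article"), (10000, "news.example/article"),
         (12000, "ads.example/click?id=1"), (12300, "track.example/r"),
         (12650, "hop.example/go"), (12900, "alert.example/virus-warning")]
BROWSING = [(0, "a.example/"), (5000, "b.example/"),
            (5400, "b.example/login"), (30000, "c.example/")]

if __name__ == "__main__":
    print(scan(BURST))      # one alert covering the four-hop chain
    print(scan(BROWSING))   # no alerts
```

Raising `max_changes` or shortening `window_ms` trades missed redirect chains against false alarms on legitimate multi-hop navigation such as login flows, which is the trade-off the threshold evaluation in the abstract addresses.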
