A Study on Mobile Game Security Threats by Analyzing Malicious Behavior of Auto Program of Clash of Clans
Heo, Geon Il; Heo, Cheong Il; Kim, Huy Kang;
 Abstract
Recently, both the size of the mobile game market and the number of mobile game users have been growing. As the life cycle of mobile games lengthens at the same time, the auto program issue that previously appeared in PC online games is reappearing. Gamers tend to ignore warning messages from antivirus programs and, even worse, delete the antivirus program in order to run auto programs. Mobile game users are therefore easily compromised if an auto program performs malicious behaviors in addition to its original features. In this paper, we analyze whether seven auto programs for "Clash of Clans", which has had a large number of users for a long time, perform malicious behaviors. Based on this analysis, we forecast the security threats that may emerge in the near future and propose countermeasures. By analyzing auto programs for one of today's most popular mobile games, we can learn about recent trends in auto programs, such as their development platform and operating mode. This analysis will help security analysts predict how auto programs will evolve and block potential threats in advance.
 Keywords
auto program;macro;mobile game;malicious behavior;
 Language
Korean