Analyzing leakage of personal information by malware

Tobias Urban, Dennis Tatang, Thorsten Holz, Norbert Pohlmann

Journal of Computer Security, 2019


Advertisements are the fuel that runs many online services such as websites or mobile apps, but adversaries have also started to abuse ads for financial gain. Nowadays, online advertising companies track users all over the web in order to create successful online ad campaigns specifically tailored to a target audience. A popular phenomenon on the Internet, so-called adware, abuses online advertisements by maliciously injecting or replacing ads on websites. As many consider ads to be quite privacy intrusive, much work has gone into studying the effects of online advertisements on users’ privacy. However, little work has been done so far on analyzing the privacy implications of adware. In this work, we shed light, at scale, on the capabilities of adware and potentially unwanted programs (PUPs), mainly concerning tracking and the exfiltration of personal data. To this end, we capture the communication of adware/PUPs in the Firefox browser on the application level to circumvent lower-level encryption (e.g., TLS). Using this framework for capturing the network traffic, we dynamically analyze the communication of over 16,000 adware or potentially unwanted program samples. We find that around 37% of requests issued by the analyzed samples contain some kind of personal information. Furthermore, we identify the services used by adversaries and provide insights into the tracking techniques used.

This paper is an extended version of the paper "Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs", presented at the European Symposium on Research in Computer Security (ESORICS) 2018.

tags: Adware, data leakage, online tracking, Potentially Unwanted Programs, privacy