SlideShare a Scribd company logo
Introduction Repositories Installers Trojanization Conclusion
On the Security of Application Installers & Online Software
Repositories
Marcus Botacin1 Giovanni Bert˜ao2 Paulo de Geus2 Andr´e Gr´egio1
Christopher Kruegel3 Giovanni Vigna3
1Federal University of Paran´a – Brazil (UFPR)
{mfbotacin,gregio}@inf.ufpr.br
2University of Campinas – Brazil (UNICAMP)
{bertao,paulo}@lasca.ic.unicamp.br
3University of California at Santa Barbara – USA (UCSB)
{chris,vigna}@ucsb.edu
2020
On the Security of Application Installers & Online Software Repositories 1 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers & Online Software Repositories 2 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers & Online Software Repositories 3 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Apps Stores
Figure: Android’s App Store.
On the Security of Application Installers & Online Software Repositories 4 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Desktop Software Repositories
Figure: Evaluated Repositories.
On the Security of Application Installers & Online Software Repositories 5 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Figure: Software Inclusion.
On the Security of Application Installers & Online Software Repositories 6 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Figure: Multiple Versions.
On the Security of Application Installers & Online Software Repositories 7 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Figure: Repackaging.
On the Security of Application Installers & Online Software Repositories 8 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Figure: Binary Replacement.
On the Security of Application Installers & Online Software Repositories 9 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Figure: Security Checks.
On the Security of Application Installers & Online Software Repositories 10 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Software Repositories
Table: Repository Summary.
Repository Uploaded By Reviewed By Sponsored Ranking Servers Security Checks
FileHorse Users Site  Internal/External 
Cnet Users Site  External* 
FileHippo Site Site  Internal 
SourceForge Users   Internal 
Softpedia Users Site  Internal/External 
On the Security of Application Installers  Online Software Repositories 11 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Research Questions
Repositories
How often do they replace binaries?
How fast do applications climb the rankings?
Installers
How do installers work?
Are they vulnerable?
Trojanization
Is there evidence of Trojanization?
Is Trojanization prevalent?
On the Security of Application Installers  Online Software Repositories 12 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Methodology
Steps  Tools
1 Scrapy: Daily crawl installer binaries.
2 AutoIT: Automate installers execution on a sandbox.
Figure: Automated Installation Example.
On the Security of Application Installers  Online Software Repositories 13 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers  Online Software Repositories 14 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Dataset
Table: Dataset overview. The number of
unique files differs due to changes in distribution
over time.
Repository Programs (#) Unique Files (#)
FileHorse 82 314
Cnet 118 295
FileHippo 433 906
SourceForge 99 631
Softpedia 901 897
Total 1,633 2,935
Table: File sharing among
repositories. They usually do not
share files for the same programs.
Repositories Sharing Rate (%)
(Cnet, FileHorse) 48.04
(FileHippo, FileHorse) 17.65
(Cnet, FileHippo) 15.69
(FileHippo, Source Forge) 07.84
(Cnet, Softpedia) 04.90
(Cnet, Source Forge) 03.92
(FileHorse, Softpedia) 00.98
(FileHippo, Softpedia) 00.98
On the Security of Application Installers  Online Software Repositories 15 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Dataset
Table: File types distribution.
Self-contained PE files are the
prevalent type of program installers.
Type Format Prevalence (%)
Java 0.67
ISO 1.04
Compressed 7-zip 0.37 RAR 0.30
File XZ 0.37 ZIP 20.47
Formats bzip2 0.37 gzip 1.34
Windows DOS 0.45 PE 65.63
Binaries .Net 0.67 PE+ 0.45
Other 7.87
Table: Binary file’s size distribution.
Small binaries are associated to
downloaders and large ones to droppers.
Interval (MB) Frequency Binaries(%)
[0.000, 0.400) 93 5.42
[0.400, 1.400) 128 7.46
[1.400, 5.000) 242 14.11
[5.000, 70.000) 619 36.08
[70.000, 150.400) 145 8.45
[150.400, 600.400) 105 6.12
[600.400, 888.000) 16 0.93
On the Security of Application Installers  Online Software Repositories 16 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Installers Collection
0
100
200
300
400
500
600
700
800
900
1000
0 30 60 90 120 150
Hashes(#)
Days
Total Hashes per Repository
Softpedia
FileHippo
FileHorse
SourceForge
Cnet
Figure: Accumulative downloads for each
software repository.
0
20
40
60
80
100
120
0 30 60 90 120 150
Hashes(#)
Days
Daily Hashes per Repository
Softpedia
FileHippo
FileHorse
SourceForge
Cnet
Figure: Daily Downloads. FileHippo’s servers
were unreachable in the last week.
On the Security of Application Installers  Online Software Repositories 17 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Evolution Strategy 1: Adding a new repository entry1
Figure: Ranking position changes of the
top-100 downloaded programs.
Figure: Distribution of Programs in
Ranking Positions.
1
Hypothesized based on the behavior of all installers, not only Trojanized ones.
On the Security of Application Installers  Online Software Repositories 18 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Evolution Strategy 2: Replacing an existing binary2
Figure: Download of new (unique) files. Figure: Distributed Binaries Updates.
2
Hypothesized based on the behavior of all installers, not only Trojanized ones.
On the Security of Application Installers  Online Software Repositories 19 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers  Online Software Repositories 20 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Installer Types
1 C: installer.exe|Write|C: UsersWin7AppDataLocalTemp {907
A1104 -E812 -4b5c -959B-E4DAB37A96AB } vsdrinst64.exe
2 C: installer.exe|Write|C: UsersWin7AppDataLocalTemp {907
A1104 -E812 -4b5c -959B-E4DAB37A96AB } Install.exe
Code 1: Dropper Installer. Some Installers drop embedded payloads to disk and
launch them as new processes.
1 GET 200.143.247.9:80 (et1.zonealarm.com/V1?
2 TW9kdWxlPWluc3RhbGxlch98U2Vzc2lvbj0wYzNjNDA1OD )
Code 2: Downloader Installer. Some Installers perform (encoded) network
requests to retrieve payloads from Internet.
On the Security of Application Installers  Online Software Repositories 21 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Downloaders
Figure: Internet-Based Installers. Some applications require Internet access for full software
installation.
On the Security of Application Installers  Online Software Repositories 22 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
System Changes
Table: Top-5 file extensions most written by installers.
Extension DLL EXE TMP VPX SYS
Files (#) 6,949 1,309 1,302 811 790
1 C: UsersWin7AppDataLocalTempBullGuard Backup Setup.exe|
SetValueKey|HKUuserid  SoftwareMicrosoftWindows
CurrentVersion Internet Settings|ProxyEnable |1
Code 3: Proxy Definition. Some installers change system-wide proxy settings.
On the Security of Application Installers  Online Software Repositories 23 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Persistence
1 C: UsersWin7AppDataLocalTemp 7 zS4DEAD364Stub.exe|
SetValueKey|HKUuserid  SoftwareMicrosoftWindows
CurrentVersion RunOnce|PandaRunOnce|
Code 4: Persistence. Some installers set executable paths in the Registry to be
executed after a system reboot.
1 C: UsersWin7AppDataLocalTempajAE1E.exe|SetValueKey|HKLM
SOFTWAREWow6432NodeAVAST SoftwareBrowser|
installer_run_count |1
Code 5: Multi-Step Installers. They control how many times they will run.
On the Security of Application Installers  Online Software Repositories 24 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Network Usage
1 GET iavs9x.u.avast.com/iavs9x/
avast_free_antivirus_setup_online_x64 .exe
2 GET download.bitdefender.com/windows/bp/all/avfree_64b.exe
3 GET iavs9x.avg.u.avcdn.net/avg/iavs9x/
avg_antivirus_free_setup_x64 .exe
4 GET dm.kaspersky -labs.com/en/KAV /19.0.0.1088/ startup.exe
5 GET download.bullguard.com/ BullGuard190AV_x64_190411 .exe
Code 6: Unencrypted Download by Installers. The use of HTTP-only
connections may make users vulnerable.
On the Security of Application Installers  Online Software Repositories 25 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Network Attacks
Bad Practice
https://www.youtube.com/watch?v=dRI0J9TGqy4
Good Practice
https://www.youtube.com/watch?v=vGrLbFlyXb0
On the Security of Application Installers  Online Software Repositories 26 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Installation Tracking
1 GET /v1/offer/campaignFilter /? bundleId=UT006campaignId =5
b6352b3ce72513ae0a6beef
2 GET sos.adaware.com|/v1/offer/campaignFilter /? bundleId=UT006
campaignId =5 b6352b3ce72513ae0a6beef
3 GET flow.lavasoft.com|/v1/event -stat?ProductID=ISType=
StubBundleStart
Code 7: Installation Tracking. Some installers sent back tracking information to
notify providers about the installation.
On the Security of Application Installers  Online Software Repositories 27 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Uninstallers
1 C: UsersWin7AppDataLocalTemp {907 A1104 -E812 -4b5c -959B-
E4DAB37A96AB } Install.exe|Create|C: UsersWin7AppData
LocalTemp {907 A1104 -E812 -4b5c -959B-E4DAB37A96AB } Uninst.
exe
Code 8: Uninstaller Definition. Some Installers set uninstallers for the
applications.
1 C: Program Files (x86)GUM5D5C.tmpfmanUpdate.exe|SetValueKey
||HKUuserid  SoftwarefmanUpdate| UninstallCmdLine |C:
UsersWin7AppDataLocalfmanUpdatefmanUpdate.exe /
uninstall
Code 9: Parameter-Based Uninstallers. They define command line parameters
for software removal.
On the Security of Application Installers  Online Software Repositories 28 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Third-Party Components
1 C: installer 3 rdPartyAppGoogleToolBar
GoogleToolbarInstaller_zh -TW.exe
Code 10: Google Toolbar embedded as third-party extension of the main app.
1 HKCUSoftwareMicrosoftInternet ExplorerLinksBarItemCache
ToolBar|Add
Code 11: IE Settings Modification. New bookmarks, cookies, and configurations
set in the browser.
1 C: UsersWin7AppDataLocalTempis -3 ACQL.tmp
Advertising_english .exe
Code 12: Adware. The advertisement software is dropped from a file created by
the main installer.
On the Security of Application Installers  Online Software Repositories 29 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Targeting  Fingerprinting
1 C: Setup.exe|SetValueKey|HKCUuserid  SoftwareMicrosoft
SQMClient|UserId |{ C2CFE0D4 -A3A2 -4458 -A73F -F16F10E4C0D7}
2 C: Setup.exe|SetValueKey|HKCUuserid  SoftwareMicrosoft
SQMClient|UserId |{ EA0CB74D -DB5D -40EE -A402 -47 A97F23904E}
3 C: Setup.exe|SetValueKey|HKCUuserid  SoftwareMicrosoft
SQMClient|UserId |{ E81A6607 -9EB3 -49BA -B354 -FA42817594BA}
Code 13: Tracking IDs of installers of distinct repositories. Each installer
presents a distinct tracking ID according the repository from which they were
downloaded.
On the Security of Application Installers  Online Software Repositories 30 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers  Online Software Repositories 31 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Popularity
Figure: Security Warning. Trojanization has become popular to the point of some installers
warning users about this possibility.
On the Security of Application Installers  Online Software Repositories 32 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
AV Scans
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
Trojan PUA Win32/* Unsafe malw Adw Pack
Prevalence(%)
Families
AV Detection Labels Distribution
Label
Figure: AV Labels Distribution. Many
samples were considered either as malicious or
as Trojanized.
0
10
20
30
40
50
60
70
0 5 10 15 20 25 30 35
DetectedSamples(%)
AV ID (#)
Detected Trojans per AV
Figure: Trojanized Apps Detection per AV.
Distinct AVs present very distinct criteria and
thus detection rates.
On the Security of Application Installers  Online Software Repositories 33 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Repositories
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
Trojan PUA Win32/* Unsafe malw Adw Pack
Prevalence(%)
Families
AV Detection Labels Distribution
Label
Figure: AV Labels Distribution. Many
samples were considered either as malicious or
as Trojanized.
0%
10%
20%
30%
40%
50%
Cnet FHorse FHippo SForge Spedia
Trojans(%)
Detected Trojan Distribution
Figure: Trojanized Apps Detection per
Repository. Distinct repositories present very
distinct rates.
On the Security of Application Installers  Online Software Repositories 34 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Agenda
1 Introduction
2 Repositories
3 Installers
4 Trojanization
5 Conclusion
On the Security of Application Installers  Online Software Repositories 35 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Implications
For Users
Always prefer downloading from the official source.
For Repositories
Pay special attention to popular applications.
For Researchers
Scan binaries before assuming goodware ground-truth.
Make hashes available to ensure reproducibility.
On the Security of Application Installers  Online Software Repositories 36 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
A Possible Future
Figure: Microsoft’s App Store.
On the Security of Application Installers  Online Software Repositories 37 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Thank You!
Contact
E-mail: mfbotacin@inf.ufpr.br
Twitter: @MarcusBotacin
Source Code
Github:
https://github.com/marcusbotacin/Application.Installers.Overview
On the Security of Application Installers  Online Software Repositories 38 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Multiple Apps Versions
Figure: Multiple Skype Versions. Figure: Multiple Chrome Versions.
On the Security of Application Installers  Online Software Repositories 38 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Installer’s Policies
Action
“We collect some limited information that your device and browser routinely make
available whenever you visit a website or interact with any online service.”
Goal
“We collect this data to improve the overall quality of the online experience, including
product monitoring, product improvement, and targeted advertising.”
Scope
“We may also include offers from third parties as part of the installation process for
our Software.”
On the Security of Application Installers  Online Software Repositories 38 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Integrity Checking (Other Platforms)
Figure: Integrity check on a bank’s app.
On the Security of Application Installers  Online Software Repositories 38 / 38 DIMVA 2020
Introduction Repositories Installers Trojanization Conclusion
Thank You (Once Again)!
Contact
E-mail: mfbotacin@inf.ufpr.br
Twitter: @MarcusBotacin
Source Code
Github:
https://github.com/marcusbotacin/Application.Installers.Overview
On the Security of Application Installers  Online Software Repositories 38 / 38 DIMVA 2020

More Related Content

What's hot

y2038 issue
y2038 issuey2038 issue
y2038 issue
SZ Lin
 
Design, Build,and Maintain the Embedded Linux Platform
Design, Build,and Maintain the Embedded Linux PlatformDesign, Build,and Maintain the Embedded Linux Platform
Design, Build,and Maintain the Embedded Linux Platform
SZ Lin
 
Fast boot
Fast bootFast boot
Fast boot
SZ Lin
 
Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...
SZ Lin
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by  Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by  Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
CODE BLUE
 
Win32/Duqu: involution of Stuxnet
Win32/Duqu: involution of StuxnetWin32/Duqu: involution of Stuxnet
Win32/Duqu: involution of Stuxnet
Alex Matrosov
 
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
CODE BLUE
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure Systems
Yoshitake Kobayashi
 
Di shen pacsec_final
Di shen pacsec_finalDi shen pacsec_final
Di shen pacsec_final
PacSecJP
 
Android 2.3 Introduction
Android 2.3 IntroductionAndroid 2.3 Introduction
Android 2.3 Introduction
Kan-Ru Chen
 
Long-term Maintenance Model of Embedded Industrial Linux Distribution
Long-term Maintenance Model of Embedded Industrial Linux DistributionLong-term Maintenance Model of Embedded Industrial Linux Distribution
Long-term Maintenance Model of Embedded Industrial Linux Distribution
SZ Lin
 
淺談 Live patching technology
淺談 Live patching technology淺談 Live patching technology
淺談 Live patching technology
SZ Lin
 
Media Files : Android's New Nightmare
Media Files :  Android's New NightmareMedia Files :  Android's New Nightmare
Media Files : Android's New Nightmare
Oguzhan Topgul
 
Learning notes on Open Source License
Learning notes on Open Source License Learning notes on Open Source License
Learning notes on Open Source License
SZ Lin
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threats
UltraUploader
 
Stagefright (1)
Stagefright (1)Stagefright (1)
Stagefright (1)
Mamoon Ismail Khalid
 
Embedded Linux/ Debian with ARM64 Platform
Embedded Linux/ Debian with ARM64 PlatformEmbedded Linux/ Debian with ARM64 Platform
Embedded Linux/ Debian with ARM64 Platform
SZ Lin
 
Distro Recipes 2013: What’s new in gcc 4.8?
Distro Recipes 2013: What’s new in gcc 4.8?Distro Recipes 2013: What’s new in gcc 4.8?
Distro Recipes 2013: What’s new in gcc 4.8?
Anne Nicolas
 
Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Farewell, Stagefright bugs!
Farewell, Stagefright bugs!
Tsukasa Oi
 
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CanSecWest
 

What's hot (20)

y2038 issue
y2038 issuey2038 issue
y2038 issue
 
Design, Build,and Maintain the Embedded Linux Platform
Design, Build,and Maintain the Embedded Linux PlatformDesign, Build,and Maintain the Embedded Linux Platform
Design, Build,and Maintain the Embedded Linux Platform
 
Fast boot
Fast bootFast boot
Fast boot
 
Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...Using open source software to build an industrial grade embedded linux platfo...
Using open source software to build an industrial grade embedded linux platfo...
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by  Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by  Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
 
Win32/Duqu: involution of Stuxnet
Win32/Duqu: involution of StuxnetWin32/Duqu: involution of Stuxnet
Win32/Duqu: involution of Stuxnet
 
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure Systems
 
Di shen pacsec_final
Di shen pacsec_finalDi shen pacsec_final
Di shen pacsec_final
 
Android 2.3 Introduction
Android 2.3 IntroductionAndroid 2.3 Introduction
Android 2.3 Introduction
 
Long-term Maintenance Model of Embedded Industrial Linux Distribution
Long-term Maintenance Model of Embedded Industrial Linux DistributionLong-term Maintenance Model of Embedded Industrial Linux Distribution
Long-term Maintenance Model of Embedded Industrial Linux Distribution
 
淺談 Live patching technology
淺談 Live patching technology淺談 Live patching technology
淺談 Live patching technology
 
Media Files : Android's New Nightmare
Media Files :  Android's New NightmareMedia Files :  Android's New Nightmare
Media Files : Android's New Nightmare
 
Learning notes on Open Source License
Learning notes on Open Source License Learning notes on Open Source License
Learning notes on Open Source License
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threats
 
Stagefright (1)
Stagefright (1)Stagefright (1)
Stagefright (1)
 
Embedded Linux/ Debian with ARM64 Platform
Embedded Linux/ Debian with ARM64 PlatformEmbedded Linux/ Debian with ARM64 Platform
Embedded Linux/ Debian with ARM64 Platform
 
Distro Recipes 2013: What’s new in gcc 4.8?
Distro Recipes 2013: What’s new in gcc 4.8?Distro Recipes 2013: What’s new in gcc 4.8?
Distro Recipes 2013: What’s new in gcc 4.8?
 
Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Farewell, Stagefright bugs!
Farewell, Stagefright bugs!
 
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
CSW2017 Privilege escalation on high-end servers due to implementation gaps i...
 

Similar to On the Security of Application Installers & Online Software Repositories

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
Matthew Farina
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
Checkmarx
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
lior mazor
 
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxFunctional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
tarkovtarkovski
 
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
University of Antwerp
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
Todd Deshane
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdf
ANJUMOHANANU
 
The Truth About Viruses on IBM i
The Truth About Viruses on IBM iThe Truth About Viruses on IBM i
The Truth About Viruses on IBM i
HelpSystems
 
White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?
TI Safe
 
Ransomware 0 admins 1
Ransomware 0 admins 1Ransomware 0 admins 1
Ransomware 0 admins 1
kieranjacobsen
 
Weather Forecast for Today? Advert Flood Coming from East
Weather Forecast for Today? Advert Flood Coming from EastWeather Forecast for Today? Advert Flood Coming from East
Weather Forecast for Today? Advert Flood Coming from East
AVG Technologies
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secure
Kaspersky
 
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Amine Barrak
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
Stefano Maccaglia
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
UltraUploader
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solution
Mender.io
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
NUS-ISS
 
Prometheus Training
Prometheus TrainingPrometheus Training
Prometheus Training
Tim Tyler
 
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Marcus Botacin
 
Software rotting - DevOpsCon Berlin
Software rotting - DevOpsCon BerlinSoftware rotting - DevOpsCon Berlin
Software rotting - DevOpsCon Berlin
Giulio Vian
 

Similar to On the Security of Application Installers & Online Software Repositories (20)

Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptxFunctional and Behavioral Analysis of Different Type of Ransomware.pptx
Functional and Behavioral Analysis of Different Type of Ransomware.pptx
 
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In...
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdf
 
The Truth About Viruses on IBM i
The Truth About Viruses on IBM iThe Truth About Viruses on IBM i
The Truth About Viruses on IBM i
 
White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?White Paper - Are antivirus solutions enough to protect industrial plants?
White Paper - Are antivirus solutions enough to protect industrial plants?
 
Ransomware 0 admins 1
Ransomware 0 admins 1Ransomware 0 admins 1
Ransomware 0 admins 1
 
Weather Forecast for Today? Advert Flood Coming from East
Weather Forecast for Today? Advert Flood Coming from EastWeather Forecast for Today? Advert Flood Coming from East
Weather Forecast for Today? Advert Flood Coming from East
 
The Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secureThe Log4Shell Vulnerability – explained: how to stay secure
The Log4Shell Vulnerability – explained: how to stay secure
 
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solution
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
 
Prometheus Training
Prometheus TrainingPrometheus Training
Prometheus Training
 
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
 
Software rotting - DevOpsCon Berlin
Software rotting - DevOpsCon BerlinSoftware rotting - DevOpsCon Berlin
Software rotting - DevOpsCon Berlin
 

More from Marcus Botacin

Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024
Marcus Botacin
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?
Marcus Botacin
 
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
Marcus Botacin
 
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change![Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
Marcus Botacin
 
Hardware-accelerated security monitoring
Hardware-accelerated security monitoringHardware-accelerated security monitoring
Hardware-accelerated security monitoring
Marcus Botacin
 
How do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guideHow do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guide
Marcus Botacin
 
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários ExecutáveisExtraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Marcus Botacin
 
On the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel ApproachesOn the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel Approaches
Marcus Botacin
 
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
Marcus Botacin
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Marcus Botacin
 
Integridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomwareIntegridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomware
Marcus Botacin
 
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
Marcus Botacin
 
UMLsec
UMLsecUMLsec
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
Marcus Botacin
 
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Marcus Botacin
 
Towards Malware Decompilation and Reassembly
Towards Malware Decompilation and ReassemblyTowards Malware Decompilation and Reassembly
Towards Malware Decompilation and Reassembly
Marcus Botacin
 
Reverse Engineering Course
Reverse Engineering CourseReverse Engineering Course
Reverse Engineering Course
Marcus Botacin
 
Malware Variants Identification in Practice
Malware Variants Identification in PracticeMalware Variants Identification in Practice
Malware Variants Identification in Practice
Marcus Botacin
 

More from Marcus Botacin (20)

Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
 
GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?
 
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
 
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change![Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!
 
Hardware-accelerated security monitoring
Hardware-accelerated security monitoringHardware-accelerated security monitoring
Hardware-accelerated security monitoring
 
How do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guideHow do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guide
 
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários ExecutáveisExtraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
 
On the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel ApproachesOn the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel Approaches
 
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
 
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
 
Integridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomwareIntegridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomware
 
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
 
UMLsec
UMLsecUMLsec
UMLsec
 
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
 
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
 
Towards Malware Decompilation and Reassembly
Towards Malware Decompilation and ReassemblyTowards Malware Decompilation and Reassembly
Towards Malware Decompilation and Reassembly
 
Reverse Engineering Course
Reverse Engineering CourseReverse Engineering Course
Reverse Engineering Course
 
Malware Variants Identification in Practice
Malware Variants Identification in PracticeMalware Variants Identification in Practice
Malware Variants Identification in Practice
 

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 

On the Security of Application Installers & Online Software Repositories

  • 1. Introduction Repositories Installers Trojanization Conclusion On the Security of Application Installers & Online Software Repositories Marcus Botacin1 Giovanni Bert˜ao2 Paulo de Geus2 Andr´e Gr´egio1 Christopher Kruegel3 Giovanni Vigna3 1Federal University of Paran´a – Brazil (UFPR) {mfbotacin,gregio}@inf.ufpr.br 2University of Campinas – Brazil (UNICAMP) {bertao,paulo}@lasca.ic.unicamp.br 3University of California at Santa Barbara – USA (UCSB) {chris,vigna}@ucsb.edu 2020 On the Security of Application Installers & Online Software Repositories 1 / 38 DIMVA 2020
  • 2. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers & Online Software Repositories 2 / 38 DIMVA 2020
  • 3. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers & Online Software Repositories 3 / 38 DIMVA 2020
  • 4. Introduction Repositories Installers Trojanization Conclusion Apps Stores Figure: Android’s App Store. On the Security of Application Installers & Online Software Repositories 4 / 38 DIMVA 2020
  • 5. Introduction Repositories Installers Trojanization Conclusion Desktop Software Repositories Figure: Evaluated Repositories. On the Security of Application Installers & Online Software Repositories 5 / 38 DIMVA 2020
  • 6. Introduction Repositories Installers Trojanization Conclusion Software Repositories Figure: Software Inclusion. On the Security of Application Installers & Online Software Repositories 6 / 38 DIMVA 2020
  • 7. Introduction Repositories Installers Trojanization Conclusion Software Repositories Figure: Multiple Versions. On the Security of Application Installers & Online Software Repositories 7 / 38 DIMVA 2020
  • 8. Introduction Repositories Installers Trojanization Conclusion Software Repositories Figure: Repackaging. On the Security of Application Installers & Online Software Repositories 8 / 38 DIMVA 2020
  • 9. Introduction Repositories Installers Trojanization Conclusion Software Repositories Figure: Binary Replacement. On the Security of Application Installers & Online Software Repositories 9 / 38 DIMVA 2020
  • 10. Introduction Repositories Installers Trojanization Conclusion Software Repositories Figure: Security Checks. On the Security of Application Installers & Online Software Repositories 10 / 38 DIMVA 2020
  • 11. Introduction Repositories Installers Trojanization Conclusion Software Repositories Table: Repository Summary. Repository Uploaded By Reviewed By Sponsored Ranking Servers Security Checks FileHorse Users Site Internal/External Cnet Users Site External* FileHippo Site Site Internal SourceForge Users Internal Softpedia Users Site Internal/External On the Security of Application Installers Online Software Repositories 11 / 38 DIMVA 2020
  • 12. Introduction Repositories Installers Trojanization Conclusion Research Questions Repositories How often do they replace binaries? How fast do applications climb the rankings? Installers How do installers work? Are they vulnerable? Trojanization Is there evidence of Trojanization? Is Trojanization prevalent? On the Security of Application Installers Online Software Repositories 12 / 38 DIMVA 2020
  • 13. Introduction Repositories Installers Trojanization Conclusion Methodology Steps Tools 1 Scrapy: Daily crawl installer binaries. 2 AutoIT: Automate installers execution on a sandbox. Figure: Automated Installation Example. On the Security of Application Installers Online Software Repositories 13 / 38 DIMVA 2020
  • 14. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers Online Software Repositories 14 / 38 DIMVA 2020
  • 15. Introduction Repositories Installers Trojanization Conclusion Dataset Table: Dataset overview. The number of unique files differs due to changes in distribution over time. Repository Programs (#) Unique Files (#) FileHorse 82 314 Cnet 118 295 FileHippo 433 906 SourceForge 99 631 Softpedia 901 897 Total 1,633 2,935 Table: File sharing among repositories. They usually do not share files for the same programs. Repositories Sharing Rate (%) (Cnet, FileHorse) 48.04 (FileHippo, FileHorse) 17.65 (Cnet, FileHippo) 15.69 (FileHippo, Source Forge) 07.84 (Cnet, Softpedia) 04.90 (Cnet, Source Forge) 03.92 (FileHorse, Softpedia) 00.98 (FileHippo, Softpedia) 00.98 On the Security of Application Installers Online Software Repositories 15 / 38 DIMVA 2020
  • 16. Introduction Repositories Installers Trojanization Conclusion Dataset Table: File types distribution. Self-contained PE files are the prevalent type of program installers. Type Format Prevalence (%) Java 0.67 ISO 1.04 Compressed 7-zip 0.37 RAR 0.30 File XZ 0.37 ZIP 20.47 Formats bzip2 0.37 gzip 1.34 Windows DOS 0.45 PE 65.63 Binaries .Net 0.67 PE+ 0.45 Other 7.87 Table: Binary file’s size distribution. Small binaries are associated to downloaders and large ones to droppers. Interval (MB) Frequency Binaries(%) [0.000, 0.400) 93 5.42 [0.400, 1.400) 128 7.46 [1.400, 5.000) 242 14.11 [5.000, 70.000) 619 36.08 [70.000, 150.400) 145 8.45 [150.400, 600.400) 105 6.12 [600.400, 888.000) 16 0.93 On the Security of Application Installers Online Software Repositories 16 / 38 DIMVA 2020
  • 17. Introduction Repositories Installers Trojanization Conclusion Installers Collection 0 100 200 300 400 500 600 700 800 900 1000 0 30 60 90 120 150 Hashes(#) Days Total Hashes per Repository Softpedia FileHippo FileHorse SourceForge Cnet Figure: Accumulative downloads for each software repository. 0 20 40 60 80 100 120 0 30 60 90 120 150 Hashes(#) Days Daily Hashes per Repository Softpedia FileHippo FileHorse SourceForge Cnet Figure: Daily Downloads. FileHippo’s servers were unreachable in the last week. On the Security of Application Installers Online Software Repositories 17 / 38 DIMVA 2020
  • 18. Introduction Repositories Installers Trojanization Conclusion Evolution Strategy 1: Adding a new repository entry1 Figure: Ranking position changes of the top-100 downloaded programs. Figure: Distribution of Programs in Ranking Positions. 1 Hypothesized based on the behavior of all installers, not only Trojanized ones. On the Security of Application Installers Online Software Repositories 18 / 38 DIMVA 2020
  • 19. Introduction Repositories Installers Trojanization Conclusion Evolution Strategy 2: Replacing an existing binary2 Figure: Download of new (unique) files. Figure: Distributed Binaries Updates. 2 Hypothesized based on the behavior of all installers, not only Trojanized ones. On the Security of Application Installers Online Software Repositories 19 / 38 DIMVA 2020
  • 20. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers Online Software Repositories 20 / 38 DIMVA 2020
  • 21. Introduction Repositories Installers Trojanization Conclusion Installer Types 1 C: installer.exe|Write|C: UsersWin7AppDataLocalTemp {907 A1104 -E812 -4b5c -959B-E4DAB37A96AB } vsdrinst64.exe 2 C: installer.exe|Write|C: UsersWin7AppDataLocalTemp {907 A1104 -E812 -4b5c -959B-E4DAB37A96AB } Install.exe Code 1: Dropper Installer. Some Installers drop embedded payloads to disk and launch them as new processes. 1 GET 200.143.247.9:80 (et1.zonealarm.com/V1? 2 TW9kdWxlPWluc3RhbGxlch98U2Vzc2lvbj0wYzNjNDA1OD ) Code 2: Downloader Installer. Some Installers perform (encoded) network requests to retrieve payloads from Internet. On the Security of Application Installers Online Software Repositories 21 / 38 DIMVA 2020
  • 22. Introduction Repositories Installers Trojanization Conclusion Downloaders Figure: Internet-Based Installers. Some applications require Internet access for full software installation. On the Security of Application Installers Online Software Repositories 22 / 38 DIMVA 2020
  • 23. Introduction Repositories Installers Trojanization Conclusion System Changes Table: Top-5 file extensions most written by installers. Extension DLL EXE TMP VPX SYS Files (#) 6,949 1,309 1,302 811 790 1 C: UsersWin7AppDataLocalTempBullGuard Backup Setup.exe| SetValueKey|HKUuserid SoftwareMicrosoftWindows CurrentVersion Internet Settings|ProxyEnable |1 Code 3: Proxy Definition. Some installers change system-wide proxy settings. On the Security of Application Installers Online Software Repositories 23 / 38 DIMVA 2020
  • 24. Introduction Repositories Installers Trojanization Conclusion Persistence 1 C: UsersWin7AppDataLocalTemp 7 zS4DEAD364Stub.exe| SetValueKey|HKUuserid SoftwareMicrosoftWindows CurrentVersion RunOnce|PandaRunOnce| Code 4: Persistence. Some installers set executable paths in the Registry to be executed after a system reboot. 1 C: UsersWin7AppDataLocalTempajAE1E.exe|SetValueKey|HKLM SOFTWAREWow6432NodeAVAST SoftwareBrowser| installer_run_count |1 Code 5: Multi-Step Installers. They control how many times they will run. On the Security of Application Installers Online Software Repositories 24 / 38 DIMVA 2020
  • 25. Introduction Repositories Installers Trojanization Conclusion Network Usage 1 GET iavs9x.u.avast.com/iavs9x/ avast_free_antivirus_setup_online_x64 .exe 2 GET download.bitdefender.com/windows/bp/all/avfree_64b.exe 3 GET iavs9x.avg.u.avcdn.net/avg/iavs9x/ avg_antivirus_free_setup_x64 .exe 4 GET dm.kaspersky -labs.com/en/KAV /19.0.0.1088/ startup.exe 5 GET download.bullguard.com/ BullGuard190AV_x64_190411 .exe Code 6: Unencrypted Download by Installers. The use of HTTP-only connections may make users vulnerable. On the Security of Application Installers Online Software Repositories 25 / 38 DIMVA 2020
  • 26. Introduction Repositories Installers Trojanization Conclusion Network Attacks Bad Practice https://www.youtube.com/watch?v=dRI0J9TGqy4 Good Practice https://www.youtube.com/watch?v=vGrLbFlyXb0 On the Security of Application Installers Online Software Repositories 26 / 38 DIMVA 2020
  • 27. Introduction Repositories Installers Trojanization Conclusion Installation Tracking 1 GET /v1/offer/campaignFilter /? bundleId=UT006campaignId =5 b6352b3ce72513ae0a6beef 2 GET sos.adaware.com|/v1/offer/campaignFilter /? bundleId=UT006 campaignId =5 b6352b3ce72513ae0a6beef 3 GET flow.lavasoft.com|/v1/event -stat?ProductID=ISType= StubBundleStart Code 7: Installation Tracking. Some installers sent back tracking information to notify providers about the installation. On the Security of Application Installers Online Software Repositories 27 / 38 DIMVA 2020
  • 28. Introduction Repositories Installers Trojanization Conclusion Uninstallers 1 C: UsersWin7AppDataLocalTemp {907 A1104 -E812 -4b5c -959B- E4DAB37A96AB } Install.exe|Create|C: UsersWin7AppData LocalTemp {907 A1104 -E812 -4b5c -959B-E4DAB37A96AB } Uninst. exe Code 8: Uninstaller Definition. Some Installers set uninstallers for the applications. 1 C: Program Files (x86)GUM5D5C.tmpfmanUpdate.exe|SetValueKey ||HKUuserid SoftwarefmanUpdate| UninstallCmdLine |C: UsersWin7AppDataLocalfmanUpdatefmanUpdate.exe / uninstall Code 9: Parameter-Based Uninstallers. They define command line parameters for software removal. On the Security of Application Installers Online Software Repositories 28 / 38 DIMVA 2020
  • 29. Introduction Repositories Installers Trojanization Conclusion Third-Party Components 1 C: installer 3 rdPartyAppGoogleToolBar GoogleToolbarInstaller_zh -TW.exe Code 10: Google Toolbar embedded as third-party extension of the main app. 1 HKCUSoftwareMicrosoftInternet ExplorerLinksBarItemCache ToolBar|Add Code 11: IE Settings Modification. New bookmarks, cookies, and configurations set in the browser. 1 C: UsersWin7AppDataLocalTempis -3 ACQL.tmp Advertising_english .exe Code 12: Adware. The advertisement software is dropped from a file created by the main installer. On the Security of Application Installers Online Software Repositories 29 / 38 DIMVA 2020
  • 30. Introduction Repositories Installers Trojanization Conclusion Targeting Fingerprinting 1 C: Setup.exe|SetValueKey|HKCUuserid SoftwareMicrosoft SQMClient|UserId |{ C2CFE0D4 -A3A2 -4458 -A73F -F16F10E4C0D7} 2 C: Setup.exe|SetValueKey|HKCUuserid SoftwareMicrosoft SQMClient|UserId |{ EA0CB74D -DB5D -40EE -A402 -47 A97F23904E} 3 C: Setup.exe|SetValueKey|HKCUuserid SoftwareMicrosoft SQMClient|UserId |{ E81A6607 -9EB3 -49BA -B354 -FA42817594BA} Code 13: Tracking IDs of installers of distinct repositories. Each installer presents a distinct tracking ID according the repository from which they were downloaded. On the Security of Application Installers Online Software Repositories 30 / 38 DIMVA 2020
  • 31. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers Online Software Repositories 31 / 38 DIMVA 2020
  • 32. Introduction Repositories Installers Trojanization Conclusion Popularity Figure: Security Warning. Trojanization has become popular to the point of some installers warning users about this possibility. On the Security of Application Installers Online Software Repositories 32 / 38 DIMVA 2020
  • 33. Introduction Repositories Installers Trojanization Conclusion AV Scans 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% Trojan PUA Win32/* Unsafe malw Adw Pack Prevalence(%) Families AV Detection Labels Distribution Label Figure: AV Labels Distribution. Many samples were considered either as malicious or as Trojanized. 0 10 20 30 40 50 60 70 0 5 10 15 20 25 30 35 DetectedSamples(%) AV ID (#) Detected Trojans per AV Figure: Trojanized Apps Detection per AV. Distinct AVs present very distinct criteria and thus detection rates. On the Security of Application Installers Online Software Repositories 33 / 38 DIMVA 2020
  • 34. Introduction Repositories Installers Trojanization Conclusion Repositories 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% Trojan PUA Win32/* Unsafe malw Adw Pack Prevalence(%) Families AV Detection Labels Distribution Label Figure: AV Labels Distribution. Many samples were considered either as malicious or as Trojanized. 0% 10% 20% 30% 40% 50% Cnet FHorse FHippo SForge Spedia Trojans(%) Detected Trojan Distribution Figure: Trojanized Apps Detection per Repository. Distinct repositories present very distinct rates. On the Security of Application Installers Online Software Repositories 34 / 38 DIMVA 2020
  • 35. Introduction Repositories Installers Trojanization Conclusion Agenda 1 Introduction 2 Repositories 3 Installers 4 Trojanization 5 Conclusion On the Security of Application Installers Online Software Repositories 35 / 38 DIMVA 2020
  • 36. Introduction Repositories Installers Trojanization Conclusion Implications For Users Always prefer downloading from the official source. For Repositories Pay special attention to popular applications. For Researchers Scan binaries before assuming goodware ground-truth. Make hashes available to ensure reproducibility. On the Security of Application Installers Online Software Repositories 36 / 38 DIMVA 2020
  • 37. Introduction Repositories Installers Trojanization Conclusion A Possible Future Figure: Microsoft’s App Store. On the Security of Application Installers Online Software Repositories 37 / 38 DIMVA 2020
  • 38. Introduction Repositories Installers Trojanization Conclusion Thank You! Contact E-mail: mfbotacin@inf.ufpr.br Twitter: @MarcusBotacin Source Code Github: https://github.com/marcusbotacin/Application.Installers.Overview On the Security of Application Installers Online Software Repositories 38 / 38 DIMVA 2020
  • 39. Introduction Repositories Installers Trojanization Conclusion Multiple Apps Versions Figure: Multiple Skype Versions. Figure: Multiple Chrome Versions. On the Security of Application Installers Online Software Repositories 38 / 38 DIMVA 2020
  • 40. Introduction Repositories Installers Trojanization Conclusion Installer’s Policies Action “We collect some limited information that your device and browser routinely make available whenever you visit a website or interact with any online service.” Goal “We collect this data to improve the overall quality of the online experience, including product monitoring, product improvement, and targeted advertising.” Scope “We may also include offers from third parties as part of the installation process for our Software.” On the Security of Application Installers Online Software Repositories 38 / 38 DIMVA 2020
  • 41. Introduction Repositories Installers Trojanization Conclusion Integrity Checking (Other Platforms) Figure: Integrity check on a bank’s app. On the Security of Application Installers Online Software Repositories 38 / 38 DIMVA 2020
  • 42. Introduction Repositories Installers Trojanization Conclusion Thank You (Once Again)! Contact E-mail: mfbotacin@inf.ufpr.br Twitter: @MarcusBotacin Source Code Github: https://github.com/marcusbotacin/Application.Installers.Overview On the Security of Application Installers Online Software Repositories 38 / 38 DIMVA 2020