Following the Money: Characterizing the Monetization Ecosystem of Stalkerware Through Application Analysis

Tuesday, August 08, 2023 - 9:15 am9:45 am

Kevin Butler, University of Florida


Stalkerware is a form of malware that allows for the abusive monitoring of intimate partners. In this talk, we describe how we leveraged our work in analyzing smartphone apps to examine the problem of stalkerware and to build relationships within the Coalition Against Stalkerware to better understand how these apps our deployed. We discuss our analysis of monetization among over 6,000 stalkerware apps by examining their decompiled source code and discovering insights about in-app advertising libraries, payment processors, and how stalkerware apps have responded to changes in the Google Play Store’s terms of service banning stalkerware. We also examine code reuse and repackaging in these apps to understand both who is authoring them and how they are making money in order to best combat this pernicious malware.

Kevin Butler, University of Florida

Kevin Butler is a Professor of Computer Science and University Term Professor in the Department of Computer and Information Science and Engineering at the University of Florida. He is Director of the Florida Institute for Cybersecurity Research, and he directs the NSF Center for Privacy and Security for Marginalized and Vulnerable Populations (PRISM). Kevin's research focuses on the security of computer systems and the security and privacy of its users. His work has covered areas such as embedded and IoT systems, firmware analysis, trustworthy computing, mobile device security and privacy, data integrity and provenance, cyber-physical systems, adversarial machine learning, network security, and cloud systems security.

@conference {292499,
author = {Kevin Butler},
title = {Following the Money: Characterizing the Monetization Ecosystem of Stalkerware Through Application Analysis},
year = {2023},
address = {Anaheim, CA},
publisher = {USENIX Association},
month = aug