NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization
None
<p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p>SESSION<br> Session 3C: Mobile Security</p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/v-zG5KRcEwQ?si=kz6Dj6agxxDXWw5l" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University) <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p>PAPER<br> Understanding Miniapp Malware: Identification, Dissection, and Characterization<br> Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing but also introduced significant security risks from malicious miniapps. Despite the mandatory miniapp vetting enforced to the built-in miniapp store, the threat of evolving miniapp malware persists, engaging in a continual cat-and-mouse game with platform security measures. However, compared with traditional paradigms such as mobile and web computing, there has been a lack of miniapp malware dataset available for the community to explore, hindering the generation of crucial insights and the development of robust detection techniques. In response to this, this paper addresses the scarcely explored territory of malicious miniapp analysis, dedicating over three year to identifying, dissecting, and examining the risks posed by these miniapps, resulting in the first miniapp malware dataset now available to aid future studies to enhance the security of super app ecosystems. To build the dataset, our primary focus has been on the WeChat platform, the largest super app, hosting millions of miniapps and serving a billion users. Over an extensive period, we collected over 4.5 million miniapps, identifying a subset (19, 905) as malicious through a rigorous cross-check process: 1) applying static signatures derived from real-world cases, and 2) confirming that the miniapps were delisted and removed from the market by the platform. With these identified samples, we proceed to characterize them, focusing on their lifecycle including propagation, activation, as well as payload execution. Additionally, we analyzed the collected malware samples using real-world cases to demonstrate their practical security impact. Our findings reveal that these malware frequently target user privacy, leverage social network sharing capabilities to disseminate unauthorized services, and manipulate the advertisement-based revenue model to illicitly generate profits. These actions result in significant privacy and financial harm to both users and the platform.</p> <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <p></p><center data-preserve-html-node="true"><br> <center data-preserve-html-node="true">———–<br> <center data-preserve-html-node="true"> <p></p><center data-preserve-html-node="true">Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel. <p></p></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/11/19/ndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/ndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization/" data-a2a-title="NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization%2F&linkname=NDSS%202025%20%E2%80%93%20Understanding%20Miniapp%20Malware%3A%20Identification%2C%20Dissection%2C%20And%20Characterization" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization%2F&linkname=NDSS%202025%20%E2%80%93%20Understanding%20Miniapp%20Malware%3A%20Identification%2C%20Dissection%2C%20And%20Characterization" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization%2F&linkname=NDSS%202025%20%E2%80%93%20Understanding%20Miniapp%20Malware%3A%20Identification%2C%20Dissection%2C%20And%20Characterization" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization%2F&linkname=NDSS%202025%20%E2%80%93%20Understanding%20Miniapp%20Malware%3A%20Identification%2C%20Dissection%2C%20And%20Characterization" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fndss-2025-understanding-miniapp-malware-identification-dissection-and-characterization%2F&linkname=NDSS%202025%20%E2%80%93%20Understanding%20Miniapp%20Malware%3A%20Identification%2C%20Dissection%2C%20And%20Characterization" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/v-zG5KRcEwQ?si=kz6Dj6agxxDXWw5l">https://www.youtube-nocookie.com/embed/v-zG5KRcEwQ?si=kz6Dj6agxxDXWw5l</a> </p>