{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T02:56:11Z","timestamp":1775271371120,"version":"3.50.1"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319263618","type":"print"},{"value":"9783319263625","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_18","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"382-404","source":"Crossref","is-referenced-by-count":153,"title":["HelDroid: Dissecting and Detecting Mobile Ransomware"],"prefix":"10.1007","author":[{"given":"Nicol\u00f3","family":"Andronio","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]},{"given":"Federico","family":"Maggi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"18_CR1","doi-asserted-by":"crossref","unstructured":"Young, A., Yung, M.: Cryptovirology: extortion-based security threats and countermeasures. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 129\u2013140, May 1996","DOI":"10.1109\/SECPRI.1996.502676"},{"key":"18_CR2","unstructured":"McAfee Labs: Threats report, November 2014. McAfee Labs, November 2014"},{"key":"18_CR3","unstructured":"Ransomware on the rise, January 2015. http:\/\/www.fbi.gov\/news\/stories\/2015\/january\/ransomware-on-the-rise"},{"key":"18_CR4","unstructured":"Perlroth, N.: Android phones hit by \u2018Ransomware\u2019, August 2014. http:\/\/bits.blogs.nytimes.com\/2014\/08\/22\/android-phones-hit-byransomware\/"},{"key":"18_CR5","unstructured":"Lab. Koler - the police ransomware for android, June 2014. http:\/\/securelist.com\/blog\/research\/65189\/behind-the-android-oskoler-distribution-network\/"},{"key":"18_CR6","unstructured":"SurfRight. HitmanPro.kickstart, March 2014. http:\/\/www.surfright.nl\/en\/kickstart"},{"key":"18_CR7","unstructured":"Avast Software. Avast ransomware removal, June 2014. https:\/\/play.google.com\/store\/apps\/details?id=com.avast.android.malwareremoval"},{"key":"18_CR8","doi-asserted-by":"crossref","unstructured":"Arp, D., et al.: Drebin: effective and explainable detection of android malware in your pocket. In: Network and Distributed System Security (NDSS) Symposium, San Diego, California (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the bitcoin network. In: Financial Cryptography and Data Security, Barbados, 3 March 2014","DOI":"10.1007\/978-3-662-45472-5_29"},{"key":"18_CR10","unstructured":"Jarvis, K.: CryptoLocker ransomware, December 2013. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/cryptolockerransomware\/"},{"key":"18_CR11","unstructured":"Chrysaidos, N.: Mobile crypto-ransomware simplocker now on steroids, February 2015. https:\/\/blog.avast.com\/2015\/02\/10\/mobile-cryptoransomware-simplocker-now-on-steroids\/"},{"key":"18_CR12","unstructured":"Hamada, J.: Simplocker: first confirmed file-encrypting ransomware for android, June 2014. http:\/\/www.symantec.com\/connect\/blogs\/simplocker-first-confirmed-file-encrypting-ransomware-android"},{"key":"18_CR13","unstructured":"Unuchek, R.: Latest version of svpeng targets users in US, June 2014. http:\/\/securelist.com\/blog\/incidents\/63746\/latest-version-ofsvpeng-targets-users-in-us\/"},{"key":"18_CR14","unstructured":"Kelly, M.: US targeted by coercive mobile ransomware impersonating the FBI, July 2014. https:\/\/blog.lookout.com\/blog\/2014\/07\/16\/scarepakage\/"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Gr\u00f6bert, F., Willems, C., Holz, T.: Automated identification of cryptographic primitives in binary programs. In: Recent Advances in Intrusion Detection, pp. 41\u201360 (2011)","DOI":"10.1007\/978-3-642-23644-0_3"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Lestringant, P., Guih\u00e9ry, F., Fouque, P.-A.: Automated identification of cryptographic primitives in binary code with data flow graph isomorphism. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 203\u2013214, New York, NY, USA (2015)","DOI":"10.1145\/2714576.2714639"},{"key":"18_CR17","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-1-4614-3223-4_6","volume-title":"Mining Text Data","author":"CC Aggarwal","year":"2012","unstructured":"Aggarwal, C.C., Zhai, C.: A survey of text classification algorithms. In: Aggarwal, C.C., Zhai, C. (eds.) Mining Text Data, pp. 163\u2013222. Springer, US (2012)"},{"key":"18_CR18","unstructured":"The snowball language. http:\/\/snowball.tartarus.org\/"},{"key":"18_CR19","unstructured":"Shuyo, N.: Language detection library for java (2010). http:\/\/code.google.com\/p\/language-detection\/"},{"key":"18_CR20","unstructured":"van der Veen, V., Bos, H., Rossow, C.: Dynamic analysis of android malware. VU University Amsterdam, August 2013. http:\/\/tracedroid.few.vu.nl\/"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Hoffmann, J., et al.: Slicing droids: program slicing for smali code. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1844\u20131851, New York, NY, USA (2013)","DOI":"10.1145\/2480362.2480706"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 259\u2013269, New York, NY, USA (2014)","DOI":"10.1145\/2666356.2594299"},{"key":"18_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1007\/978-3-319-08509-8_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Lindorfer","year":"2014","unstructured":"Lindorfer, M., Volanis, S., Sisto, A., Neugschwandtner, M., Athanasopoulos, E., Maggi, F., Platzer, C., Zanero, S., Ioannidis, S.: AndRadar: fast discovery of android applications in alternative markets. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 51\u201371. Springer, Heidelberg (2014)"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Maggi, F., Valdi, A., Zanero, S.: AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 49\u201354, New York, NY, USA (2013)","DOI":"10.1145\/2516760.2516768"},{"key":"18_CR25","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of the 33rd IEEE Symposium on Security and Privacy, San Francisco, CA, May 2012. http:\/\/www.malgenomeproject.org\/","DOI":"10.1109\/SP.2012.16"},{"key":"18_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D Song","year":"2008","unstructured":"Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: a new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1\u201325. Springer, Heidelberg (2008)"},{"key":"18_CR27","unstructured":"Schwartz, E.J., et al.: Native x86 decompilation using semantics-preserving structural analysis and iterative control-flow structuring. In: USENIX security (2013)"},{"key":"18_CR28","unstructured":"Slowinska, A., Stancescu, T., Bos, H.: Howard: a dynamic excavator for reverse engineering data structures. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA (2011)"},{"key":"18_CR29","unstructured":"Manning, C.D., et al.: The stanford Core NLP natural language processing toolkit. In: Proceedings of 52nd Annual Meeting of the Association for Computational Linguistics: System Demonstrations, pp. 55\u201360 (2014). http:\/\/www.aclweb.org\/anthology\/P\/P14\/P14-5010"},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Poeplau, S., et al.: Execute this! analyzing unsafe and malicious dynamic code loading in android applications. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23328"},{"key":"18_CR31","doi-asserted-by":"crossref","unstructured":"Zhou, W., et al.: Fast, scalable detection of \u201cpiggybacked\u201d mobile applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 185\u2013196, New York, NY, USA (2013)","DOI":"10.1145\/2435349.2435377"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Bursztein, E., Martin, M., Mitchell, J.: Text-based CAPTCHA strengths and weaknesses. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 125\u2013138, New York, NY, USA (2011)","DOI":"10.1145\/2046707.2046724"},{"key":"18_CR33","doi-asserted-by":"crossref","unstructured":"Chakradeo, S., et al.: MAST: triage for market-scale mobile malware analysis. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 13\u201324, New York, NY, USA (2013)","DOI":"10.1145\/2462096.2462100"},{"issue":"1","key":"18_CR34","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/s10844-010-0148-x","volume":"38","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., et al.: Andromaly: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38(1), 161\u2013190 (2012)","journal-title":"J. Intell. Inf. Syst."},{"key":"18_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Heidelberg (2015)"},{"issue":"2","key":"18_CR36","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s10207-006-0082-7","volume":"5","author":"A Young","year":"2006","unstructured":"Young, A.: Cryptoviral extortion using microsoft\u2019s crypto API. Int. J. Inf. Secur. 5(2), 67\u201376 (2006)","journal-title":"Int. J. Inf. Secur."},{"key":"18_CR37","doi-asserted-by":"crossref","unstructured":"Jarabek, C., Barrera, D., Aycock, J.: ThinAV: truly lightweight mobile cloud-based anti-malware. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 209\u2013218, New York, NY, USA (2012)","DOI":"10.1145\/2420950.2420983"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:26:11Z","timestamp":1748665571000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}