9 research outputs found

    On the Effectiveness of System API-Related Information for Android Ransomware Detection

    Ransomware constitutes a significant threat to the Android operating system. It can either lock or encrypt the target devices, and victims are forced to pay ransoms to restore their data. Hence, the prompt detection of such attacks has a priority in comparison to other malicious threats. Previous works on Android malware detection mainly focused on Machine Learning-oriented approaches that were tailored to identifying malware families, without a clear focus on ransomware. More specifically, such approaches resorted to complex information types such as permissions, user-implemented API calls, and native calls. However, this led to significant drawbacks concerning complexity, resilience against obfuscation, and explainability. To overcome these issues, in this paper, we propose and discuss learning-based detection strategies that rely on System API information. These techniques leverage the fact that ransomware attacks heavily resort to System API to perform their actions, and allow distinguishing between generic malware, ransomware and goodware. We tested three different ways of employing System API information, i.e., through packages, classes, and methods, and we compared their performances to other, more complex state-of-the-art approaches. The attained results showed that systems based on System API could detect ransomware and generic malware with very good accuracy, comparable to systems that employed more complex information. Moreover, the proposed systems could accurately detect novel samples in the wild and showed resilience against static obfuscation attempts. Finally, to guarantee early on-device detection, we developed and released on the Android platform a complete ransomware and malware detector (R-PackDroid) that employed one of the methodologies proposed in this paper.

    R-PackDroid: API package-based characterization and detection of mobile ransomware

    Ransomware has become a serious and concrete threat for mobile platforms and in particular for Android. In this paper, we propose R-PackDroid, a machine learning system for the detection of Android ransomware. Unlike previous works, we leverage information extracted from system API packages, which allows applications to be characterized without specific knowledge of user-defined content such as the application language or strings. Results attained on very recent data show that it is possible to detect Android ransomware and to distinguish it from generic malware with very high accuracy. Moreover, we used R-PackDroid to flag applications that were detected as ransomware with very low confidence by the VirusTotal service. In this way, we were able to correctly distinguish true ransomware from false positives, thus providing valuable help for the analysis of these malicious applications.

    BTK Inhibitors Impair Platelet-Mediated Antifungal Activity

    In recent years, the introduction of new drugs targeting Bruton’s tyrosine kinase (BTK) has allowed dramatic improvement in the prognosis of patients with chronic lymphocytic leukemia (CLL) and other B-cell neoplasms. Although these small molecules were initially considered less immunosuppressive than chemoimmunotherapy, an increasing number of reports have described the occurrence of unexpected opportunistic fungal infections, in particular invasive aspergillosis (IA). BTK represents a crucial molecule in several signaling pathways depending on different immune receptors. Based on a variety of specific off-target effects on innate immunity, namely on neutrophils, monocytes, pulmonary macrophages, and nurse-like cells, ibrutinib has been proposed as a new host factor for the definition of probable invasive pulmonary mold disease. The role of platelets in the control of fungal growth, through granule-dependent mechanisms, was described in vitro almost two decades ago and is, so far, neglected by experts in the field of clinical management of IA. In the present study, we confirm the antifungal role of platelets, and we show, for the first time, that the exposure to BTK inhibitors impairs several immune functions of platelets in response to Aspergillus fumigatus, i.e., the ability to adhere to conidia, activation (as indicated by reduced expression of P-selectin), and direct killing activity. In conclusion, our experimental data suggest that antiplatelet effects of BTK inhibitors may contribute to an increased risk for IA in CLL patients.

    Il «Parnaso de’ moderni artisti»: le collezioni artistiche di Ambrogio Uboldo
