Android Application Supply Chain Security Under the New Normal of Network Security

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

Many newcomers are unclear about Android application supply chain security under the new normal of network security. To help with this, the following explains the topic in detail for readers who need it.

Preface

By 2018, the mobile Internet had been developing for a decade. Smart devices have reached into every aspect of people's lives, and their security has been a constant concern. Since the growth of mobile malware in 2014, Google, mobile phone manufacturers and mobile security vendors have all invested a great deal of effort in fighting malicious developers.

In the past few years, the joint efforts of all parties have curbed the rapid growth of ordinary Android malware. According to Tencent Mobile Manager, 4.687 million new malicious samples were added to the Android platform in the first half of 2018, down 47.8% from the same period last year. At the same time, Tencent big data has detected an increasing number of security problems in other links of the Android application supply chain, which indicates that malicious developers are paying more attention to the weak links in that supply chain. Because supply chain security problems are well concealed and have a wide impact, it is hoped that all parties concerned will pay attention to the new forms of supply chain attack and take effective security measures.

I. Under the new normal, the security threat to Android applications shifts to the supply chain

The EternalBlue ransomware worm incident of 2017 and the formal implementation of the Cyber Security Law marked a watershed for the cyber security industry. The offensive and defensive situation facing government and enterprise organizations, and the regulatory situation of cyber security, have both changed fundamentally. We call this the new normal of cyber security. In 2018, network security fully enters this new normal, and security threats increasingly show three characteristics: growing attack complexity, industrialized vulnerability exploitation, and the civilianization of cyber weapons. Mobile security is an important part of the network security industry, and as the contest between attack and defense enters deep water, its threats also show new characteristics:

1. The overall growth trend of Android malicious samples has been curbed.

In the past few years, the joint efforts of Google, mobile phone manufacturers and security vendors have curbed the rapid growth of mobile malware. According to Google's 2017 Android Security report, more than 700,000 apps were removed from Google Play in 2017 for violating relevant regulations, and Android users had a 0.02% chance of downloading potentially malicious apps on Google Play, down 0.02% from 2016. According to Tencent Mobile Manager, 4.687 million new malicious samples were added to the Android platform in the first half of 2018, down 47.8% from the first half of 2017 (8.99 million), reversing the rapid growth seen since 2015.

2. More high-end mobile malware

While the overall number of malicious Android applications is declining, high-end, complex mobile malware attacks are on the rise. In recent years, security researchers and analysis teams have tracked more than 100 APT organizations and their activities. The attacks launched by these organizations are extremely complex and draw on rich weapon resources, including 0day vulnerabilities and fileless attack tools. Attackers also combine traditional hacking with more sophisticated human resources to complete data theft tasks. In August 2016, Lookout published its research on Pegasus, a complex mobile spyware related to the Israeli security company NSO Group. It combines multiple 0day vulnerabilities to remotely bypass the security defenses of modern mobile operating systems, and even breaks through iOS, which has always been known for its security. In April 2017, Google released its analysis of Chrysaor, the Android version of the Pegasus spyware. Beyond these two pieces of mobile spyware, many other APT organizations have developed custom mobile implants. It is assessed that the total number of mobile malware in the wild may be higher than the number currently published. It can be predicted that in 2018 the number of attacks will continue to increase and more advanced mobile malware will be found.

3. More weak links in the supply chain are exploited.

Research on APT attacks often shows attackers spending a long time trying to break through a particular target. Even after repeated failures, they keep changing their approach until they find a way in. At the same time, attackers pay more attention to the weakest links in the supply chain, such as backdoors pre-installed in mobile phone OTA upgrade services and third-party advertising SDKs that steal user privacy. Under the cover of "legitimate software", this kind of attack easily bypasses detection by security products and can spread and attack on a large scale. Tencent big data monitoring shows that security incidents related to the Android application supply chain have become more and more frequent in recent years. Malware authors increasingly exploit the inherent trust between users and software suppliers to deliver malicious payloads through a constant stream of attack techniques, causing incalculable losses.

To sum up, in the field of Android security, the joint efforts of Google, mobile phone manufacturers and security vendors over the past few years have curbed the rapid growth of common Android malware. Malicious developers have in turn paid more attention to the weak links in the Android application supply chain, in order to make attacks harder to notice, evade pursuit and interception by security vendors, and widen the scope of attack. This paper enumerates events related to Android application supply chain security in recent years, analyzes the security challenges the supply chain faces, and puts forward corresponding countermeasures and suggestions.

II. Android application supply chain related concepts and link division

At present, there is no clear definition of the Android application supply chain. Following the traditional concept of a supply chain, we abstract it into the following links:

1. Development link

Application development involves the development environment, development tools, third-party libraries and so on. The development process itself also includes requirement analysis, design, implementation and testing. This link produces the application that is made available to the end user.

2. Distribution link

The process by which users obtain the application through app stores, network downloads, manufacturer pre-installation, built-in ROM and other channels.

3. Use link

The whole life cycle of the user's use of the application, including upgrades and maintenance.

III. Important security events in the Android application supply chain ecosystem

From the perspective of what end users perceive, the main security threats on Android are still the common forms: information disclosure, fee-deducting text messages, malicious advertising, mining Trojans, ransomware and so on. Looking through the phenomenon to its essence, it is security weaknesses in the links of the mobile ecosystem that allow these threats to occur so frequently and spread so widely. The application supply chain was defined above and abstracted into several links. An attack on any of those links may affect the security of the final application product and of the whole usage scenario.

Next, using related security events, this paper analyzes the security risks introduced at the relevant links of the application supply chain, such as development tools, third-party libraries, distribution channels and the process of using the application.

3.1 Security survey related to development tools

The most widespread attack on development tools was XcodeGhost in 2015 (malicious code contamination of unofficial versions of Xcode). Xcode is the integrated development environment (IDE) released by Apple for Mac OS X, and it is the most mainstream tool for developing OS X and iOS applications. Attackers injected the XcodeGhost virus into an unofficial version of Xcode. It initially spread through unofficial Xcode downloads and infected builds through the CoreService library files. When application developers worked with the tainted Xcode, virus code was injected into the compiled app, producing a large number of virus-carrying apps.

In Android application development, because the Android system is open and official development tools are easy to obtain, no significant contamination of development tools has occurred on the Android platform. However, to further simplify the work of application developers, some vendors have wrapped the Android development environment in additional layers. For example, App Inventor supports drag-and-drop development, and PhoneGap and similar platforms support developing applications directly in HTML. To guarantee functionality, these development platforms usually request a large number of permissions related to user privacy, which creates a risk of privacy leakage. In addition, the mobile programming tool AIDE and Easy Language, a domestic development tool that supports development in Chinese, further lower the entry threshold for malicious developers. A large number of malicious applications developed with such tools enter the market and put users at risk.

3.2 Third-party SDK security events

The development of Android applications involves many third-party SDKs, including payment, statistics, advertising, social, push, map and other types. An analysis of the third-party SDKs used by the TOP 100 applications of each type in the application market lists the integration proportion of SDK types in applications as statistical analysis, advertising, social, payment, location and push.

In terms of the number of third-party SDKs used by each type of app, financial lending apps used an average of 21.50, followed by news apps with an average of 21.2, and then shopping, social, banking and game apps, with an average of more than 15. Travel, office and security tool apps use relatively few SDKs, averaging 11.4, 9.7 and 6.7 respectively.

The statistics show that a large number of third-party SDKs are integrated during Android application development, especially in financial lending, shopping, banking and other applications that handle user identity information and property. These applications generally use more than 15 third-party SDKs, and some use more than 30. The integrated SDKs include not only those provided by large vendors but also many provided by open source communities. The security of these SDKs has not been well verified. Once a security problem occurs, it directly endangers users' privacy and property, with serious consequences.

The large number of third-party SDKs on the Android platform speeds up the creation of app products and saves development costs, but the related security problems cannot be ignored. This paper summarizes third-party SDK security incidents on the Android platform in recent years. The security problems fall mainly into the following areas:

First, the security capability of third-party SDK developers is uneven. Many of them focus on implementing functions and invest too little in security, which can leave security vulnerabilities of one kind or another in their SDKs. In the past two years, the main third-party SDK vulnerabilities have been the FFmpeg vulnerability, the Youmian SDK vulnerability, zipxx and so on. Because these SDKs are integrated into a large number of apps, the impact of the vulnerabilities is very large.

FFmpeg vulnerability

Security event: FFmpeg vulnerability

Disclosure time: June 2017

Event description: FFmpeg is a leading global multimedia framework that supports decoding, encoding, transcoding, multiplexing, demultiplexing, streaming, filtering and playback of multimedia files in almost any format. In June 2017, neex reported to the HackerOne platform a remote arbitrary file read vulnerability in the FFmpeg deployment of Russia's largest social networking site. The vulnerability exploits FFmpeg's handling of HLS playlists, which can reference external files. By adding a reference to a local file in the playlist and uploading the file to the video website, the local file read is triggered and the contents of files on the server are disclosed. The same vulnerability can also trigger SSRF, causing great harm.

Scope of influence: Almost all mainstream video applications have adopted this open source framework. Once a security vulnerability is exposed, the impact cannot be estimated.

Reference links: https://hackerone.com/reports/226756 http://www.freebuf.com/column/142775.html

Youmian SDK unexported component exposure vulnerability

Security event: Youmian SDK unexported component exposure vulnerability

Disclosure time: December 2017

Event description: In December 2017, the SDK of the domestic message push vendor Youmian was found to contain a vulnerability that allows unexported components to be invoked without authorization. The vulnerability can be used to carry out a variety of malicious attacks on applications that use the Youmian SDK, including malicious invocation of arbitrary components, false message notifications and remote code execution.

Scope of influence: More than 7,000 apps are affected, involving many types of applications.

Reference link: http://www.freebuf.com/articles/system/156332.html

ZipperDown vulnerability

Security event: ZipperDown vulnerability

Disclosure time: May 2018

Event description: In May 2018, Pangu laboratory disclosed that the unzip routines of two open source libraries, SSZipArchive and ZipArchive, did not consider file names that contain "../". This causes path traversal while files are being written out, so a malicious Zip file can overwrite any writable file within the app sandbox.

Scope of influence: Affects a number of popular applications.

Reference link: https://zipperdown.org/

Second, for their own purposes, some SDK developers leave a backdoor in their SDK for collecting user information and performing unauthorized operations. Related security events:
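The missing check described above, as an added example (not code from the original article or from SSZipArchive/ZipArchive): every entry name is resolved against the extraction directory and the archive is rejected as a whole if any entry would land outside it. Python is used for illustration; the function names and the in-memory sample archives are constructed for this example.

```python
import io
import os
import stat
import zipfile


class UnsafeArchiveError(Exception):
    """An entry would be written outside the extraction directory."""


def resolve_entry(dest_dir, entry_name):
    """Map an entry name to its on-disk path, refusing anything outside dest_dir."""
    # Treat "\" as a separator too: some unzip code does, so "..\" must not slip through.
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchiveError("absolute path: %r" % entry_name)
    root = os.path.realpath(dest_dir)
    # realpath collapses ".." and follows symlinks already on disk before comparing.
    target = os.path.realpath(os.path.join(root, name))
    if target == root or os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveError("escapes extraction directory: %r" % entry_name)
    return target


def find_unsafe_entries(zip_bytes, dest_dir):
    """Return the names of entries that must not be extracted (empty list = clean)."""
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                resolve_entry(dest_dir, info.filename)
            except UnsafeArchiveError:
                unsafe.append(info.filename)
                continue
            # Symlink entries could redirect later writes, so they are refused as well.
            if stat.S_ISLNK(info.external_attr >> 16):
                unsafe.append(info.filename)
    return unsafe


def safe_extract(zip_bytes, dest_dir):
    """Extract only if every entry is safe; nothing is written otherwise."""
    unsafe = find_unsafe_entries(zip_bytes, dest_dir)
    if unsafe:
        raise UnsafeArchiveError("refusing archive, unsafe entries: %r" % unsafe)
    root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_entry(dest_dir, info.filename)
            if info.filename.endswith("/"):
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.relpath(target, root))
    return written


def build_sample_zip(entries):
    """Build a constructed test archive in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile

    dest = tempfile.mkdtemp()
    # Constructed sample: one normal entry and one whose name contains "../".
    sample = build_sample_zip({"assets/strings.json": b"{}", "../outside.txt": b"x"})
    print("unsafe entries:", find_unsafe_entries(sample, dest))
    try:
        safe_extract(sample, dest)
    except UnsafeArchiveError as exc:
        print("rejected:", exc)
```

Validating all entries before writing any of them means a hostile archive leaves no partial files behind.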

Baidu SDK Wormhole incident

Security event: Baidu moplus SDK exposed with the Wormhole vulnerability

Disclosure time: November 2015

Event description: In November 2015, the Wormhole vulnerability was disclosed in the Baidu moplus SDK, affecting a number of applications with more than 100 million users. Research on the Wormhole security flaw found that the Moplus SDK has a backdoor function. Attackers can use it to remotely install applications, launch arbitrary applications, open arbitrary web pages, silently add contacts, and obtain private user information on the victim's mobile phone.

Scope of influence: 14,000 apps have been implanted; the number of infected Android devices is unknown.

Reference links: http://www.freebuf.com/vuls/83789.html https://www.secpulse.com/archives/40062.html

Igexin SDK steals user privacy

Security event: Igexin SDK stealing user privacy

Disclosure time: August 2017

Event description: In August 2017, the mobile security vendor Lookout reported that a domestic advertising SDK called Igexin was secretly stealing user data. Under the cover of legitimate applications, the Igexin SDK connects to the Igexin server, downloads and dynamically loads and executes malicious code, and collects and reports all kinds of private data on the user's device, including device information and call log records.

Scope of influence: The report points out that more than 500 apps on Google Play use Igexin's advertising SDK, and these apps have been downloaded more than 100 million times.

Reference link: https://blog.lookout.com/igexin-malicious-sdk

Third, some malicious developers have infiltrated the SDK development link itself. By offering third-party services, they attract other app developers to integrate their SDK. Carried by these legitimate applications, a malicious SDK can effectively evade detection by most application markets and security vendors, affecting the security of a large number of users.

"Ya Ya Yun" malicious SDK

Security event: "Ya Ya Yun" malicious SDK

Disclosure time: January 2018

Event description: Doctor Web virus analysts found several games on Google Play that secretly download and launch add-ons at runtime to perform various malicious acts. The analysis found that the malicious module is part of an SDK called Ya Ya Yun. The SDK secretly downloads malicious modules from a remote server, opens websites in the background and simulates clicks on advertisements to obtain grey revenue.

Scope of influence: More than 27 game applications on Google Play contain this malicious SDK, affecting more than 4.5 million users.

Reference link: https://news.drweb.com/show/?i=11685&lng=en&c=14

"parasitic push" malicious SDK

Security event: "parasitic push" malicious SDK

Disclosure time: April 2018

Event description: In April 2018, the TRP-AI antivirus engine of Tencent Security Anti-fraud lab captured a software development kit (SDK) that pushes malicious messages, named "parasitic push". It turns on malicious functions through a reserved, cloud-controlled "backdoor", roots user devices without their knowledge and implants malicious modules that carry out malicious advertising and application promotion in order to earn grey income.

Scope of influence: More than 300 well-known applications have been infected by the "parasitic push" SDK, potentially affecting more than 20 million users.

Reference link: http://www.freebuf.com/articles/terminal/168984.html

3.3 App distribution channel security events

The distribution channel occupies a very important position in the Android application supply chain, and it is also a link where security problems occur frequently. There are many channels for Android application distribution, such as application markets, manufacturer pre-installation, cracked-software websites and built-in ROM. Software obtained from the grey supply chain, such as downloads from third-party sites and cracked applications, is easily implanted with malicious code. Even in some formal application markets, lax auditing and other factors have allowed attackers to plant "regular" software that contains malicious code.

WireX Android Botnet

Security event: WireX Android botnet contaminates the Google Play app market

Disclosure time: August 2017

Event description: On August 17, 2017, a botnet called WireX BotNet, which infects Android devices by disguising itself as ordinary Android apps, launched a large-scale DDoS attack that attracted the attention of some CDN providers. Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru and other organizations then jointly analyzed the incident. A security report on the incident was released on August 28.

Scope of influence: About 300 different mobile applications were found scattered across the Google Play store, and the DDoS events triggered by WireX originated from at least 70,000 separate IP addresses. An analysis of the attack data from Aug. 17 showed that devices in more than 100 countries were infected with WireX BotNet.

Reference links: https://blog.cloudflare.com/the-wirex-botnet/?utm_content=buffer9e1c5&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer http://www.freebuf.com/articles/terminal/145955.html

Pujia8 cracked-game website carrying Trojans

Security event: Pujia8 cracked-game website carrying Trojans

Disclosure time: November 2017

Event description: In November 2017, Tencent Anti-fraud lab found that a number of game applications on a game cracking website had been implanted with Root modules. At runtime, they used kernel vulnerabilities such as CVE-2015-1805 to forcibly root user devices and implanted icon-less malicious applications into the device system directory. These applications lurk on user devices for a long time, carrying out malicious advertising and rogue promotion.

Scope of influence: A number of cracked game applications are involved, affecting millions of users.

Reference link: http://www.freebuf.com/articles/network/154029.html

Beyond the security threats in the channels through which users obtain applications directly, third-party service providers such as OTA upgrade and application hardening services may also leave backdoor programs in their services, threatening privacy and device security.

Guangsheng exposed for a backdoor pre-installed on Android devices

Security event: Guangsheng exposed for a backdoor pre-installed on Android devices that steals user privacy

Disclosure time: November 2016

Event description: Shanghai Guangsheng Information Technology Co., Ltd. is one of the world's leading FOTA technology service providers. Its core business is Guangsheng FOTA wireless upgrade, which uses differential upgrade packages, over-the-air download and remote upgrade technology to provide firmware differential package upgrade services for networked devices such as mobile phones, tablets and other smart terminals. In November 2016, the information security company Kryptowire found a backdoor program on some low-cost Android devices. Every 72 hours it collects private information on the device, including SMS content, contact information, call history, IMEI, IMSI, location, installed apps and used apps, and uploads it to the backdoor developer's server. The legal adviser to Shanghai Guangsheng Information Technology Co., Ltd., the developer of the backdoor, said it was a mistake for the backdoor to appear on devices made by the equipment manufacturer BLU. In November 2017, the Malwarebytes mobile security team released a report saying that a large number of Android devices still contain the backdoor of Shanghai Guangsheng, which provides FOTA services.

Scope of influence: Some low- and mid-range Android devices that use Guangsheng's FOTA technical service.

Reference links: https://www.bleepingcomputer.com/news/security/secret-backdoor-in-some-low-priced-android-phones-sent-data-to-a-server-in-china/ https://www.bleepingcomputer.com/news/security/chinese-backdoor-still-active-on-many-android-devices/

OTA manufacturer Ruijiake implants rootkit in Android devices

Security event: OTA manufacturer Ruijiake implanted rootkit into Android devices

Disclosure time: November 2016

Event description: In November 2016, AnubisNetworks security researchers found security problems in the firmware OTA upgrade mechanism of several brands of Android mobile phone. This insecure OTA upgrade mechanism is related to a Chinese company called Ragentek Group. According to the report, a device on which the malware is installed can be attacked by hackers, who can execute arbitrary code with root privileges and gain absolute control of the Android device. The main reason is that the device does not apply strict encryption measures during OTA updates.

Scope of influence: 3 million Android devices implanted with the backdoor.

Reference link: http://www.freebuf.com/news/120639.html

A hardening service exposed for bundling advertisements

Security event: A hardening service exposed for bundling advertisements

Disclosure time: January 2017

Event description: In early 2017, developers reported that their application had fee-charging ads embedded in it after they used a hardening service. According to the developer's investigation, while hardening the application the service inserts code that pulls advertisements, downloads and activates other applications, reports program exceptions, and obtains application information, all without the developer's knowledge.

Scope of influence: All applications that use this version of the hardening service.

Reference link: http://www.dgtle.com/article-17069-1.html

3.4

Users may also need to upgrade and update an application while using it. In December 2017, a "nuclear bomb" level vulnerability named Janus was disclosed on the Android platform. It allows application code to be modified without affecting the application signature, so an application may be maliciously tampered with during upgrade and installation. Similarly, as more and more applications update their code through hot patches, malicious developers take the opportunity to tamper with the update mechanism and deliver malicious code that threatens users' security.

Janus signature vulnerability

Security event: Janus signature vulnerability disclosed on the Android platform; application upgrades may be maliciously tampered with

Disclosure time: December 2017

Event description: In December 2017, a "nuclear bomb" level vulnerability, Janus (CVE-2017-13156), was disclosed on the Android platform. It allows attackers to modify the code in Android applications without affecting their signatures. Normally, under the Android signature mechanism, a developer who publishes an application must sign it with his private key. If an attacker modifies any file in the application (including code and resources), he must re-sign the APK, otherwise the modified application cannot be installed on any Android device. Through the Janus vulnerability, however, an attacker can tamper with the code in an Android application without affecting its signature, and overwrite the original application through the application upgrade process.

Scope of influence: System versions Android 5.0-8.0; APK applications with v1 signature.

Reference link: http://www.freebuf.com/articles/paper/158133.html

"Children's games" series of applications

Security event: Children's game apps download malicious code through dynamic updates

Disclosure time: May 2018

Event description: In May 2018, Tencent Security Anti-fraud lab exposed a series of malicious "children's games" applications. On the surface these applications are mini games for developing children's intelligence, and they have been listed in most domestic application markets. In fact, while in use they can update malicious code packages through cloud control and carry out malicious behavior behind the scenes that users cannot perceive. They load malicious advertising plug-ins, make the advertising display interface invisible, click ads fraudulently and consume user traffic heavily. They also dynamically load malicious ROOT sub-packages, obtain ROOT permissions on the phone, replace system files and implant malicious ELF files into users' phones.

Scope of influence: More than 100 children's game applications, with a cumulative impact in the millions.

Reference link: http://www.freebuf.com/articles/terminal/173104.html

IV. Development trends and new challenges of supply chain security
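A check that an application market or developer can run to find APKs in the affected population named above, that is, packages signed with the v1 scheme only. This is an added example, not code from the original article; the signing-block magic and scheme IDs are taken from Android's public APK Signature Scheme documentation, and the sample APKs are constructed in memory with placeholder contents. It reports which schemes are present and does not verify any signature.

```python
import io
import re
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}
V1_SIG_FILE = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)


def _central_directory_offset(data):
    """Find the ZIP End of Central Directory record and return the directory offset."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("not a ZIP/APK: no End of Central Directory record")
    return struct.unpack_from("<I", data, eocd + 16)[0]


def _signing_block_ids(data, cd_offset):
    """Return the IDs of the ID-value pairs in the APK Signing Block, if one exists."""
    # The block, when present, sits immediately before the central directory.
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_BLOCK_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - size - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("malformed APK Signing Block")
    ids, pos, end = [], start + 8, cd_offset - 24
    while pos + 12 <= end:
        length, pair_id = struct.unpack_from("<QI", data, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        ids.append(pair_id)
        pos += 8 + length
    return ids


def signing_schemes(apk_bytes):
    """List the signature schemes present in an APK, e.g. ["v1", "v2"]."""
    schemes = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        if any(V1_SIG_FILE.match(name) for name in zf.namelist()):
            schemes.add("v1")
    cd_offset = _central_directory_offset(apk_bytes)
    for pair_id in _signing_block_ids(apk_bytes, cd_offset):
        if pair_id in SCHEME_IDS:
            schemes.add(SCHEME_IDS[pair_id])
    return sorted(schemes)


def relies_on_v1_only(apk_bytes):
    """True when the v1 signature is the only one protecting the package."""
    return signing_schemes(apk_bytes) == ["v1"]


def build_sample_apk(with_v2):
    """Constructed sample: a minimal ZIP with v1 signature file names, optionally
    with a dummy v2 entry in an APK Signing Block (no real signature data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", b"placeholder")
        zf.writestr("META-INF/CERT.RSA", b"placeholder")
    data = buf.getvalue()
    if not with_v2:
        return data
    eocd = data.rfind(b"PK\x05\x06")
    cd = struct.unpack_from("<I", data, eocd + 16)[0]
    value = b"\x00" * 8
    pair = struct.pack("<QI", 4 + len(value), 0x7109871A) + value
    size = len(pair) + 8 + 16
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    patched = bytearray(data[:cd] + block + data[cd:])
    # The central directory moved, so its offset in the EOCD record is updated.
    struct.pack_into("<I", patched, eocd + len(block) + 16, cd + len(block))
    return bytes(patched)


if __name__ == "__main__":
    for label, apk in (("v1 only", build_sample_apk(False)),
                       ("v1 + v2", build_sample_apk(True))):
        print(label, signing_schemes(apk), "v1-only:", relies_on_v1_only(apk))
```

A v2 or v3 signature helps only on platform versions that verify it (Android 7.0 and later), so a flagged package should be re-signed with the newer scheme and devices should receive the platform patch.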

[Figure: Android supply chain security event sequence diagram]

The sequence diagram of important security events in the Android application supply chain shows that supply chain attacks are no less serious than traditional malicious applications or vulnerability attacks against the operating system. Attacks on the Android application supply chain show the following trends:

1. Security incidents in the downstream of the supply chain (distribution link) account for most supply chain attacks. The number of affected users is in the millions, and such incidents emerge one after another. There are few incidents such as XcodeGhost, in which polluted development tools are used to attack the upstream of the software supply chain (development environment), but once such an attack succeeds it may affect hundreds of millions of users.

2. Third-party SDK security events and backdoors reserved by manufacturers are also frequent in the Android supply chain. Most of these attacks rely on legitimately signed ("white") software to bypass detection and removal systems, and their behavior sits between black and white. In terms of the number of users affected, they far exceed ordinary vulnerability exploitation attacks.

3. In terms of concealment, attacks based on any link of the supply chain are better hidden and have a longer latent period than traditional malicious applications, and discovering and cleaning them up is more complex.

4. Attacks on all links of the supply chain have been on the rise in recent years. In an increasingly complex Internet environment, the software supply chain exposes more and more attack surface to attackers. More and more attackers are also finding that attacking the supply chain may be easier and cheaper than attacking vulnerabilities in the application itself or in the system.

As attacks against the supply chain increase and grow in depth and breadth, they bring greater challenges to mobile security vendors. The first generation of security technology matches static characteristics against static code, through signature-based detection and removal and heuristic antivirus. The second generation mainly uses cloud lookup and machine learning against sample variants, with whitelists and a "white-or-black" restriction strategy. Both are stretched when facing more targeted and better hidden attacks. In this new attack environment, a security system for the new era is urgently needed to protect organizations and users.

V. Create a secure ecosystem for the Android supply chain

In software supply chain attacks, both free and paid applications may be exploited by attackers at any link of the supply chain. The supply chain therefore needs comprehensive defense in order to build a secure ecosystem for the Android application supply chain. In dealing with application supply chain attacks, mobile phone manufacturers, application developers, application markets, security vendors, end users and other parties all need to participate actively and cooperate.

Mobile phone manufacturers

Because of many characteristics of the Android system, system versions are severely fragmented, and major mobile phone manufacturers differ greatly in how quickly they fix security vulnerabilities in existing devices and ship security patches.

1. Follow Google's security bulletins for the Android system, and fix known security vulnerabilities in the system promptly.

2. Follow security developments for the device models you maintain. If a serious security problem is exposed, configure or add other security controls as mitigation, and upgrade the system accordingly if necessary.

3. Abide by the relevant security laws and regulations, and forbid developers from leaving security risks such as debugging backdoors in the phone system, to prevent malicious exploitation and ensure a reliable and secure system environment.

Application developers

Cultivate developers' security awareness, establish checkpoints at every stage of the development process, and make security assessment a mandatory review item. The development process should strictly follow the development specifications to prevent security threats such as debugging backdoors. Before release, hand the application to an independent internal or external evaluation organization for security assessment, and fix the problems found promptly.

Release applications through official channels, protect the application signing certificate, and standardize the release process, so that a leaked signing certificate cannot be used to tamper with the application. When upgrading the software, verify the downloaded upgrade package to ensure that a hijacked upgrade package is never run.
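The upgrade-package check recommended above, as an added example (not code from the original article or from any vendor): it assumes the developer publishes a detached ECDSA signature over the version code and package bytes, and pins the matching public key in the app. The class name, method names and sample data are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
public class UpgradeCheck {
    // Feed the version code and package bytes to a signer or verifier, so the
    // signature binds the two together.
    static void feed(Signature s, int versionCode, byte[] pkg) throws SignatureException {
        s.update(ByteBuffer.allocate(4).putInt(versionCode).array());
        s.update(pkg);
    }

    // Accept a downloaded package only if it is newer than the installed build
    // and its detached signature verifies under the key pinned in the app.
    static boolean isTrusted(byte[] pkg, int versionCode, byte[] sig,
                             PublicKey pinned, int installedVersion) throws GeneralSecurityException {
        if (versionCode <= installedVersion) return false;   // rollback to an old build
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pinned);
        feed(v, versionCode, pkg);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false;                                     // malformed signature blob
        }
    }

    // Release-side signing; stands in for the developer's build pipeline.
    static byte[] sign(byte[] pkg, int versionCode, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        feed(s, versionCode, pkg);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair release = gen.generateKeyPair();              // constructed stand-in for the release key
        KeyPair other = gen.generateKeyPair();                // a key the app does not pin
        byte[] pkg = "constructed upgrade package".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pkg, 42, release.getPrivate());
        byte[] altered = pkg.clone();
        altered[0] ^= 1;                                      // package modified in transit
        System.out.println("genuine:   " + isTrusted(pkg, 42, sig, release.getPublic(), 41));
        System.out.println("altered:   " + isTrusted(altered, 42, sig, release.getPublic(), 41));
        System.out.println("wrong key: " + isTrusted(pkg, 42, sign(pkg, 42, other.getPrivate()), release.getPublic(), 41));
        System.out.println("rollback:  " + isTrusted(pkg, 42, sig, release.getPublic(), 42));
    }
}
```

Because the version code is covered by the signature, a valid signature for an older build cannot be relabelled as a newer one.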

Application markets

Owing to the way the Android system has developed and to some special reasons, the application markets of the major mobile phone manufacturers, YingYongBao and many third-party application markets are the main channels for application distribution in China. The application market occupies a critical position in the Android application supply chain ecosystem, and it is also a link where security problems occur frequently. For application markets, we offer the following suggestions:

1. Standardize the application review and release process, strictly control every link, and keep applications with security risks out of the application market.

2. Improve the management standards for application developers, implement effective reward and punishment measures, crack down on malicious developers, and prevent them from fishing in troubled waters.

3. Improve the ability to detect malicious applications, or use the detection services provided by mature security vendors, to prevent malicious applications from entering the application market.

Security vendors

For a long time, security vendors have mostly built their products and services around application security and vulnerabilities in the operating system itself, and do not seem to have paid enough attention to the security of the supply chain. The analysis above of major security events in each link of the application supply chain shows that there are huge security threats in application development, delivery, use and other links, and that the harm they cause is no less than that caused by security vulnerabilities. It is therefore not enough to focus only on the security threats to software and the operating system themselves. Security vendors need to form a panoramic security view from the perspective of the complete software supply chain in order to address deeper security risks. They can strengthen the following points:

1. Improve the ability to find security problems. This should not be limited to the usual malware and system security vulnerabilities, but should cover all links of the application supply chain and defend against the behavior of the application on the device, rather than against the sample itself.

2. Provide innovative products and services that give users comprehensive and detailed situational awareness: starting from the security threat itself, link it to the organization, purpose and technical means behind it, monitor continuously, identify possible unknown attacks, and help users detect and respond to security incidents quickly.

To meet the severe security challenges of the future, Tencent Security has launched a self-developed AI antivirus engine, the Tencent TRP engine. By monitoring sensitive behavior at the system layer and combining it with mature AI technology, the engine applies deep learning to the behavior of all kinds of applications on the device, which allows it to effectively identify the risky behavior of malicious applications and block malicious behavior in real time, providing users with more intelligent real-time device protection.

End users

End users sit at the end of the supply chain. They use the applications and are the direct targets of malicious ones. For them, we offer the following suggestions:

1. Use genuine apps from official application markets whenever possible.

2. Do not install applications from untrusted channels, and do not click on suspicious URLs.

3. Apply security updates to mobile devices promptly.

4. Install Mobile Manager or other security software for real-time protection.
