GUI-Squatting Attack

Automated Generation of Android Phishing Apps

Workflow of our approach

(1) We extract the GUI interactive components from the target UI screenshot by segmenting the components with image processing (i.e., Canny edge detection and edge dilation) and classifying the type of each GUI component with deep learning (i.e., a CNN).

(2) We then assemble these components, using the layout code snippet of each component together with its attributes, to generate XML code for a login page that is highly similar to the original one.

(3) We further generate deception code and assign responses to the interactive components (ICs) in the logic code snippet, such as ImageButton and EditText. With these response messages, the generated phishing apps can secretly collect users' credentials without the users becoming aware of it.

Workflow of our approach (ICs is short for interactive components)

1. The results of GUI interactive component detection.

2. The results of comparison between original UI pages (Left) and generated UI pages (Right).

Note that our approach does not fully handle the font family/color of the text extracted from the EditText component. We show several examples of similarity differences in the green and red boxes.

3. To validate the capability of our method in terms of app diversity, we further add some apps that contain login pages. Note that all of them are UI pages generated by our approach.