{"id":"https://openalex.org/W7131241861","doi":"https://doi.org/10.1109/apsec66846.2025.00111","title":"Virtualization-based Penetration Testing Study for Detecting Accessibility Abuse Vulnerabilities in Banking Apps in East and Southeast Asia","display_name":"Virtualization-based Penetration Testing Study for Detecting Accessibility Abuse Vulnerabilities in Banking Apps in East and Southeast Asia","publication_year":2025,"publication_date":"2025-12-02","ids":{"openalex":"https://openalex.org/W7131241861","doi":"https://doi.org/10.1109/apsec66846.2025.00111"},"language":null,"primary_location":{"id":"doi:10.1109/apsec66846.2025.00111","is_oa":false,"landing_page_url":"https://doi.org/10.1109/apsec66846.2025.00111","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 32nd Asia-Pacific Software Engineering Conference (APSEC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043344851","display_name":"Wei Minn","orcid":"https://orcid.org/0000-0002-3191-9795"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Wei Minn","raw_affiliation_strings":["Singapore Management University,Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University,Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023431961","display_name":"Phong Phan","orcid":null},"institutions":[{"id":"https://openalex.org/I110995367","display_name":"Sprint (United States)","ror":"https://ror.org/04rxdpa15","country_code":"US","type":"company","lineage":["https://openalex.org/I110995367"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Phong Phan","raw_affiliation_strings":["i-Sprint Innovations Pte. Ltd,Singapore"],"affiliations":[{"raw_affiliation_string":"i-Sprint Innovations Pte. Ltd,Singapore","institution_ids":["https://openalex.org/I110995367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054109908","display_name":"Vikas Kumar Malviya","orcid":"https://orcid.org/0000-0003-0601-8191"},"institutions":[{"id":"https://openalex.org/I4210093846","display_name":"Ministry of Education and Higher Education","ror":"https://ror.org/00j4as432","country_code":"QA","type":"government","lineage":["https://openalex.org/I4210093846"]}],"countries":["QA"],"is_corresponding":false,"raw_author_name":"Vikas K. Malviya","raw_affiliation_strings":["MIE-SPPU Institute of Higher Education,Qatar"],"affiliations":[{"raw_affiliation_string":"MIE-SPPU Institute of Higher Education,Qatar","institution_ids":["https://openalex.org/I4210093846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126773620","display_name":"Benjamin Adolphi","orcid":null},"institutions":[{"id":"https://openalex.org/I199117387","display_name":"Promega (United States)","ror":"https://ror.org/01dra3713","country_code":"US","type":"company","lineage":["https://openalex.org/I199117387"]},{"id":"https://openalex.org/I236478094","display_name":"Promundo","ror":"https://ror.org/03mwbkd48","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I236478094"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Benjamin Adolphi","raw_affiliation_strings":["Promon,Germany"],"affiliations":[{"raw_affiliation_string":"Promon,Germany","institution_ids":["https://openalex.org/I236478094","https://openalex.org/I199117387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088089609","display_name":"Yan Naing Tun","orcid":"https://orcid.org/0009-0009-2899-4637"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yan Naing Tun","raw_affiliation_strings":["Singapore Management University,Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University,Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124333521","display_name":"Henning Benzon Treichl","orcid":null},"institutions":[{"id":"https://openalex.org/I236478094","display_name":"Promundo","ror":"https://ror.org/03mwbkd48","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I236478094"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Henning Benzon Treichl","raw_affiliation_strings":["Promon,Norway"],"affiliations":[{"raw_affiliation_string":"Promon,Norway","institution_ids":["https://openalex.org/I236478094"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001690616","display_name":"Albert Ching","orcid":null},"institutions":[{"id":"https://openalex.org/I110995367","display_name":"Sprint (United States)","ror":"https://ror.org/04rxdpa15","country_code":"US","type":"company","lineage":["https://openalex.org/I110995367"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Albert Ching","raw_affiliation_strings":["i-Sprint Innovations Pte. Ltd,Singapore"],"affiliations":[{"raw_affiliation_string":"i-Sprint Innovations Pte. Ltd,Singapore","institution_ids":["https://openalex.org/I110995367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126773099","display_name":"Lwin Khin Shar","orcid":null},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Lwin Khin Shar","raw_affiliation_strings":["Singapore Management University,Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University,Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5122900149","display_name":"David Lo","orcid":null},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"David Lo","raw_affiliation_strings":["Singapore Management University,Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore Management University,Singapore","institution_ids":["https://openalex.org/I79891267"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5043344851"],"corresponding_institution_ids":["https://openalex.org/I79891267"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.88281305,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"967","last_page":"972"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.6948999762535095,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.6948999762535095,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12481","display_name":"Digital Accessibility for Disabilities","score":0.030799999833106995,"subfield":{"id":"https://openalex.org/subfields/3307","display_name":"Human Factors and Ergonomics"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.028999999165534973,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8126000165939331},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7075999975204468},{"id":"https://openalex.org/keywords/southeast-asia","display_name":"Southeast asia","score":0.5958999991416931},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.46880000829696655},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.3928999900817871},{"id":"https://openalex.org/keywords/installation","display_name":"Installation","score":0.3833000063896179},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.3605000078678131},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.34380000829696655}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8126000165939331},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7075999975204468},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6912000179290771},{"id":"https://openalex.org/C3019398675","wikidata":"https://www.wikidata.org/wiki/Q11708","display_name":"Southeast asia","level":2,"score":0.5958999991416931},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5562999844551086},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.46880000829696655},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.42809998989105225},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.3928999900817871},{"id":"https://openalex.org/C146778888","wikidata":"https://www.wikidata.org/wiki/Q836862","display_name":"Installation","level":2,"score":0.3833000063896179},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.3605000078678131},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.34380000829696655},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.3375999927520752},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.3188000023365021},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.29739999771118164},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.28859999775886536},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.28760001063346863},{"id":"https://openalex.org/C2780934415","wikidata":"https://www.wikidata.org/wiki/Q20997131","display_name":"Border Security","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C3017485454","wikidata":"https://www.wikidata.org/wiki/Q27275","display_name":"Central asia","level":2,"score":0.27149999141693115},{"id":"https://openalex.org/C3019281177","wikidata":"https://www.wikidata.org/wiki/Q771405","display_name":"South asia","level":2,"score":0.26409998536109924},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.25929999351501465},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.2556999921798706},{"id":"https://openalex.org/C166566181","wikidata":"https://www.wikidata.org/wiki/Q8065","display_name":"Natural disaster","level":2,"score":0.25540000200271606},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.2506999969482422}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/apsec66846.2025.00111","is_oa":false,"landing_page_url":"https://doi.org/10.1109/apsec66846.2025.00111","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 32nd Asia-Pacific Software Engineering Conference (APSEC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Gender equality","id":"https://metadata.un.org/sdg/5","score":0.6940639615058899}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2004209351","https://openalex.org/W2796056969","https://openalex.org/W2805186013","https://openalex.org/W3006000462","https://openalex.org/W3029072315","https://openalex.org/W3110643640","https://openalex.org/W4321439723","https://openalex.org/W4388483464"],"related_works":[],"abstract_inverted_index":{"Android":[0],"banking":[1,68,117],"applications":[2],"have":[3],"revolutionized":[4],"financial":[5,13,31],"management":[6],"by":[7,37,144,151],"allowing":[8,53],"users":[9,89],"to":[10,28,45,55,90,122,138],"perform":[11],"various":[12],"activities":[14],"through":[15],"mobile":[16],"devices.":[17],"However,":[18],"this":[19,152],"convenience":[20],"has":[21],"attracted":[22],"cybercriminals":[23],"who":[24],"exploit":[25],"security":[26],"vulnerabilities":[27,149],"access":[29],"sensitive":[30],"data.":[32],"FjordPhantom,":[33,123],"a":[34,95,101],"malware":[35,65],"identified":[36],"our":[38,79,106],"industry":[39,80],"collaborator,":[40],"uses":[41],"virtualization":[42],"and":[43,60,69,74,99,135,140,146],"hooking":[44],"bypass":[46],"the":[47,114,120,125,148],"detection":[48],"of":[49,116,127],"malicious":[50,97,102],"accessibility":[51,103],"services,":[52],"it":[54],"conduct":[56],"keylogging,":[57],"screen":[58],"scraping,":[59],"unauthorized":[61],"data":[62],"access.":[63],"This":[64],"primarily":[66,84],"affects":[67],"finance":[70],"apps":[71,118],"across":[72],"East":[73],"Southeast":[75],"Asia":[76],"region":[77,121],"where":[78],"partner\u2019s":[81],"clients":[82],"are":[83],"based":[85],"in.":[86],"It":[87],"requires":[88],"be":[91],"deceived":[92],"into":[93],"installing":[94],"secondary":[96],"component":[98],"activating":[100],"service.":[104],"In":[105],"study,":[107],"we":[108],"conducted":[109],"an":[110],"empirical":[111],"study":[112],"on":[113],"susceptibility":[115],"in":[119,132],"analyzed":[124],"effectiveness":[126],"protective":[128],"measures":[129],"currently":[130],"implemented":[131],"those":[133],"apps,":[134],"discussed":[136],"ways":[137],"detect":[139],"prevent":[141],"such":[142],"attacks":[143],"identifying":[145],"mitigating":[147],"exploited":[150],"malware.":[153]},"counts_by_year":[],"updated_date":"2026-02-25T21:11:00.739837","created_date":"2026-02-02T00:00:00"}