In today's society, users utilize network and other service providers to gain access to the Internet, access software services, request and receive various types of content, access software applications, and perform a variety of other tasks and functions. Additionally, users are increasingly utilizing mobile devices, such as, but not limited to, smartphones, tablets, phablets, laptops, and other mobile devices to access such services, applications, and content. However, as the use of mobile devices has increased, mobile malware such as, but not limited to, computer viruses, ransomware, worms, trojan horses, keyloggers, spyware, adware, and other malicious programs has exponentially increased. Such malware may be utilized by malware developers, hackers, and fraudsters to disrupt communications and to compromise personal, financial or other information associated with such users. Additionally, the disruption of communications and the theft of information caused by malware often occur without the users even knowing that they occurred. For example, a user may unwittingly download malware onto their mobile device, which can be utilized by a hacker to access the user's social security number, personal information, or other confidential information.
Currently, instead of just using malware to gain access to devices and information, malware developers and hackers are increasingly using malware for financial gain. For example, GGTracker is a type of malware that fraudsters incorporate into a legitimate online mobile software application, which, when installed by users onto their mobile devices, performs a variety of background operations that the user does not know are occurring. When the user starts using the online mobile software application, the GGTracker starts a background service that connects with a server owned by the fraudster to subscribe the user to legitimate or illegitimate services, which typically cost the user a monthly fee. The users are typically unaware of the subscription of these legitimate or illegitimate services until they see charges on their monthly phone statement or internet statement.
As another example, SpamSoldier is a type of malware that turns smartphones running certain operations systems into a member of a spamming botnet. Legitimate users are tricked into downloading an application in a similar fashion as the GGTracker, and the users typically end up believing that the application is legitimate. However, in the background, the application downloads a list of target numbers and a list of messages, and then spams messages to the phone numbers in the list of target numbers. Such spamming typically causes substantial text message charges to the users, even though the users did not actually send the messages themselves. Once the users find out that they been defrauded, the users spend substantial amount of time with their network providers to try to rectify the situation.
The current reactive approach for malware detection and mitigation typically involves removing suspicious applications from markets only after they have infected countless numbers of user devices and after users have been charged for fraudulent services. Additionally, network and service providers often have to spend tremendous amount of human, network, and financial resources to conduct traffic analyses and forensic studies once the infections have occurred so as to mitigate the infections. While deep packet inspection technologies offered by network providers provide an effective way to detect infected devices, such technologies are often resource-intensive and often involve directly monitoring users' traffic and activities.