How Current Android Malware Seeks to Evade Automated Code Analysis

Abstract: First, we report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. The campaign attacked mobile users with malicious applications spread via different channels, such as email attachments or SMS spam. A detailed investigation of the Android malware resulted in the identification of a new Android malware family, Android/BadAccents. The family represents the current state of the art in mobile malware development for banking trojans. Second, we describe in detail the techniques this malware family uses and confront them with current state-of-the-art static and dynamic code-analysis techniques for Android applications. We highlight various challenges for automatic malware analysis frameworks that significantly hinder the fully automatic detection of malicious components in current Android malware. Furthermore, the malware exploits a previously unknown tapjacking vulnerability in the Android operating system, which we describe. As a result of this work, the vulnerability, affecting all Android versions, will be patched in one of the next releases of the Android Open Source Project.
Document type: Conference paper
Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.187-202, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_12〉

https://hal.inria.fr/hal-01442542
Contributor: Hal Ifip
Submitted on: Friday, January 20, 2017 - 16:47:42
Last modified on: Friday, January 20, 2017 - 16:52:45
Document(s) archived on: Friday, April 21, 2017 - 16:16:32

File

978-3-319-24018-3_12_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Siegfried Rasthofer, Irfan Asrar, Stephan Huber, Eric Bodden. How Current Android Malware Seeks to Evade Automated Code Analysis. Raja Naeem Akram; Sushil Jajodia. 9th Workshop on Information Security Theory and Practice (WISTP), Aug 2015, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-9311, pp.187-202, 2015, Information Security Theory and Practice. 〈10.1007/978-3-319-24018-3_12〉. 〈hal-01442542〉
