How Current Android Malware Seeks to Evade Automated Code Analysis

Rasthofer, Siegfried ; Asrar, Irfan ; Huber, Stephan ; Bodden, Eric (2015)
How Current Android Malware Seeks to Evade Automated Code Analysis.
Conference or Workshop Item

Abstract

First we report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. The campaign attacked mobile users with malicious applications spread via different channels, such as email attachments or SMS spam. A detailed investigation of the Android malware resulted in the identification of a new Android malware family Android/BadAccents. The family represents current state-of-the-art in mobile malware development for banking trojans.

Second, we describe in detail the techniques this malware family uses and confront them with current state-of-the-art static and dynamic code-analysis techniques for Android applications. We highlight various challenges for automatic malware analysis frameworks that significantly hinder the fully automatic detection of malicious components in current Android malware. Furthermore, the malware exploits a previously unknown tapjacking vulnerability in the Android operating system, which we describe. As a result of this work, the vulnerability, affecting all Android versions, will be patched in one of the next releases of the Android Open Source Project.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Rasthofer, Siegfried ; Asrar, Irfan ; Huber, Stephan ; Bodden, Eric
Type of entry: Bibliographie
Title: How Current Android Malware Seeks to Evade Automated Code Analysis
Language: German
Date: August 2015
Book Title: 9th International Conference on Information Security Theory and Practice (WISTP'2015)
Uncontrolled Keywords: Secure Software Engineering Group
Identification Number: TUD-CS-2015-0109
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
Profile Areas
LOEWE
Date Deposited: 05 Oct 2016 19:42
Last Modified: 30 May 2018 12:53