TU Darmstadt / ULB / TUbiblio

An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack

Rasthofer, Siegfried ; Asrar, Irfan ; Huber, Stephan ; Bodden, Eric (2015)
An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack.
Report, Bibliography

Abstract

We report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. The campaign attacked mobile users with malicious applications spread via different channels, such as email attachments or SMS spam. A detailed investigation of the Android malware resulted in the identification of a new Android malware family Android/BadAccents. The family represents current state-of-the-art in mobile malware development for banking trojans. In this paper, we describe in detail the techniques this malware family uses and confront them with current state-of-the-art static and dynamic code-analysis techniques for Android applications. We highlight various challenges for automatic malware analysis frameworks that significantly hinder the fully automatic detection of malicious components in the malware. Furthermore, the malware exploits a previously unknown tapjacking vulnerability in the Android operating system, which we describe in detail. As a result of this work, the vulnerability, affecting all Android versions, has been patched in the Android Open Source Project.

Item type: Report
Published: 2015
Author(s): Rasthofer, Siegfried ; Asrar, Irfan ; Huber, Stephan ; Bodden, Eric
Entry type: Bibliography
Title: An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack
Language: German
Year of publication: April 2015
Uncontrolled keywords: Secure Software Engineering Group;Botnet, ThreatCampaign, AndroidMalware, CodeAnalysis, Banking Trojans, Vulnerability
ID number: TUD-CS-2015-0065
Department(s)/field(s): LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE Centres
Profile Areas
LOEWE
Date deposited: 05 Oct 2016 19:42
Last modified: 30 May 2018 12:53