A game of Droid and Mouse: The threat of split-personality malware on Android

Computers and Security

Volumn 54, Issue , 2015, Pages 2-15

  Maier, Dominik ^a   Protsenko, Mykola ^a   Müller, Tilo ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

Android malware; Dynamic code loading; Dynamic script loading

Indexed keywords

CODES (SYMBOLS); COMPUTER CRIME; DYNAMIC LOADS; MALWARE;

ANALYSIS SYSTEM; ANDROID MALWARE; AUTOMATED ANALYSIS SYSTEMS; BYPASS CURRENT; CODE-LOADING; MALICIOUS CODES; NETWORK CONNECTION; PROOF OF CONCEPT;

ANDROID (OPERATING SYSTEM);

EID: 84949627681     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2015.05.001     Document Type: Article

References (46)

1. D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck DREBIN: effective and explainable detection of android malware in your pocket Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA 2014
2. D. Balzarotti, M. Cova, C. Karlberger, C. Kruegel, E. Kirda, and G. Vigna Efficient detection of split personalities in malware Proceedings of the Symposium on Network and Distributed System Security (NDSS), San Diego, CA 2010
3. U. Bayer, I. Habibi, D. Balzarotti, E. Kirda, and C. Kruegel A view on current malware behaviors Proceedings of the 2Nd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET'09 2009 USENIX Association Berkeley, CA, USA 8-8
4. Becher M, Freiling FC. Towards dynamic malware analysis to increase mobile device security, in: A. Alkassar, J. H. Siekmann (Eds.), Sicherheit, Vol. 128 of LNI, GI, pp. 423-433.
5. M. Becher, and R. Hund Kernel-level interception and applications on mobile devices Tech. rep may 2008 University of Mannheim
6. B. Bencsáth, G. Pék, L. Buttyán, and M. Felegyhazi sKyWIper (a.k.a. flame a.k.a. flamer): a complex malware for targeted attacks 2012 Tech. rep., In collaboration with the sKyWIper Analysis Team
7. T. Bläsing, L. Batyuk, A.-D. Schmidt, S. Camtepe, and S. Albayrak An Android application sandbox system for suspicious software detection Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on 2010 55 62 10.1109/MALWARE.2010.5665792
8. E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini Taming reflection: aiding static analysis in the presence of reflection and custom class loaders Proceedings of the 33rd International Conference on Software Engineering, ICSE '11 2011 ACM New York, NY, USA 241 250 10.1145/1985793.1985827
9. Botnet Research Team SandDroid: an APK analysis sandbox 2014 Xi'an Jiaotong University URL http://sanddroid.xjtu.edu.cn
10. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry Towards taming privilege-escalation attacks on Android 19th Annual Network & Distributed System Security Symposium, NDSS '12 2012
11. X. Chen, J. Andersen, Z. Mao, M. Bailey, and J. Nazario Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on 2008 177 186 10.1109/DSN.2008.4630086
12. E. Chin, and D. Wagner Bifocals: analyzing webview vulnerabilities in android applications Proceedings of the 14th International Workshop (WISA) 2013 138 159
13. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy Privilege escalation attacks on Android Proceedings of the 13th International Conference on Information Security, ISC'10 2011 Springer-Verlag Berlin, Heidelberg 346 360
14. Anthony Desnos, Androguard: reverse engineering, malware and goodware analysis of Android applications. URL code.google.com/p/androguard/.
15. W. Enck, P. Gilbert, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel, and et al. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10 2010 USENIX Association Berkeley, CA, USA 1 6
16. R. Fedler, M. Kulicke, and J. Schütte An antivirus API for Android malware recognition Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on 2013 77 84 10.1109/MALWARE.2013.6703688
17. R. Fedler, M. Kulicke, and J. Schuette Native code execution control for attack mitigation on Android Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, SPSM '13 2013 ACM New York, NY, USA 15 20 10.1145/2516760.2516765
18. R. Fedler, J. Schütte, and M. Kulicke On the effectiveness of malware protection on Android Tech. rep 2013 Fraunhofer AISEC Berlin
19. ForSafe Forsafe mobile security, Whitepaper 2013 URL http://www.foresafe.com/ForeSafe-WhitePaper.pdf
20. Gartner Gartner says smartphone sales accounted for 55 percent of overall mobile phone sales in third quarter of 2013 Nov. 2013 URL http://www.gartner.com/newsroom/id/2623415
21. H. Hao, V. Singh, and W. Du On the effectiveness of api-level access control using bytecode rewriting in android Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13 2013 ACM New York, NY, USA 25 36 10.1145/2484313.2484317
22. D. Kirat, G. Vigna, and C. Kruegel Barebox: efficient malware analysis on bare-metal Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC '11 2011 ACM New York, NY, USA 403 412 10.1145/2076732.2076790
23. M. Lindorfer, C. Kolbitsch, and P. Milani Comparetti Detecting environment-sensitive malware Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection, RAID'11 2011 Springer-Verlag Berlin, Heidelberg 338 357
24. M. Lindorfer Andrubis: a tool for analyzing unknown android applications Jun. 2012
25. H. Lockheimer Android and security Feb. 2012 URL googlemobile.blogspot.de/2012/02/android-and-security.htm
26. T. Luo, H. Hao, W. Du, Y. Wang, and H. Yin Attacks on WebView in the Android system Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC '11 2011 ACM New York, NY, USA 343 352 10.1145/2076732.2076781
27. D. Maier, T. Müller, and M. Protsenko Divide-and-Conquer: why android malware cannot be stopped S. Research, 9th International Conference on Availability, Reliability and Security 2014
28. C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun Analysis of the communication between colluding applications on modern smartphones Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12 2012 ACM New York, NY, USA 51 60
29. A. Moser, C. Kruegel, and E. Kirda Limits of static analysis for malware detection Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual 2007 421 430 10.1109/ACSAC.2007.21
30. M. Neugschwandtner, M. Lindorfer, and C. Platzer A view to a kill: webview exploitation Presented as part of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats 2013 USENIX Berkeley, CA
31. J. Oberheide, and C. Miller Dissecting the Android Bouncer Presented at SummerCon 2012, Brooklyn, NY 2012 URL https://jon.oberheide.org/files/summercon12-bouncer.pdf
32. N.J. Percoco, and S. Schulte Adventures in bouncerland: failures of automated malware detection with in mobile application markets Black Hat USA '12, Trustwave SpiderLabs 2012
33. T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis Rage against the virtual machine: hindering dynamic analysis of android malware Proceedings of the Seventh European Workshop on System Security, EuroSec '14 2014 ACM New York, NY, USA 5:1 5:6 10.1145/2592791.2592796
34. S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna Execute this! Analyzing unsafe and malicious dynamic code loading in android applications Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA 2014
35. Mykola Protsenko, and Tilo Müller PANDORA applies non-deterministic obfuscation randomly to Android Fernando C. Osorio, 8th International Conference on malicious and Unwanted software 2013
36. T. Raffetseder, C. Kruegel, and E. Kirda Detecting system emulators Proceedings of the 10th International Conference on Information Security, ISC'07 2007 Springer-Verlag Berlin, Heidelberg 1 18
37. V. Rastogi, Y. Chen, and X. Jiang Droidchameleon: evaluating Android anti-malware against transformation attacks Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS '13 2013 ACM New York, NY, USA 329 334 10.1145/2484313.2484355
38. A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer Google Android: a comprehensive security assessment IEEE Secur Priv 8 2 2010 35 44 10.1109/MSP.2010.2
39. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss "Andromaly": a behavioral malware detection framework for Android devices J Intell Inf Syst 38 1 2012 161 190 10.1007/s10844-010-0148-x
40. M. Spreitzenbarth, F.C. Freiling, F. Echtler, T. Schreck, and J. Hoffmann Mobile-sandbox: having a deeper look into Android applications Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC '13 2013 ACM New York, NY, USA 1808 1815 10.1145/2480362.2480701
41. M. Spreitzenbarth Dissecting the Droid: Forensic analysis of android and its malicious applications Ph.D. thesis 2013 Friedrich-Alexander-Universität Erlangen-Nürnberg
42. M.-K. Sun, M.-J. Lin, M. Chang, C.-S. Laih, and H.-T. Lin Malware virtualization-resistant behavior detection ICPADS 2011 IEEE 912 917 10.1109/ICPADS.2011.78
43. Vallee-Rai R, Co P, Gagnon E, Hendren L, Lam P, Sundaresan V. Soot - a java bytecode optimization framework, In: Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research, CASCON '99, IBM Press.
44. V. Van der Veen Dynamic analysis of android malware Master Thesis Aug. 2013 VU University Amsterdam URL http://tracedroid.few.vu.nl/thesis.pdf
45. T. Vidas, and N. Christin Evading android runtime analysis via sandbox detection Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14 2014 ACM New York, NY, USA 447 458 10.1145/2590296.2590325
46. C. Willems, T. Holz, and F.C. Freiling Toward automated dynamic malware analysis using cwsandbox IEEE Security and Privacy 5 2 2007 32 39 10.1109/MSP.2007.45