ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors

Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014

Volumn , Issue , 2016, Pages 3-17

  Lindorfer, Martina ^a   Neugschwandtner, Matthias ^a   Weichselbaum, Lukas ^a   Fratantonio, Yanick ^b   Veen, Victor Van Der ^c   Platzer, Christian ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

Android; Data Collection; Dynamic Analysis; Malware; Measurements; Static Analysis

Indexed keywords

COMPETITION; COMPUTER CRIME; DYNAMIC ANALYSIS; MALWARE; MEASUREMENTS; STATIC ANALYSIS; WELL STIMULATION;

ANALYSIS CAPABILITIES; ANDROID; ANDROID MALWARE; COMPREHENSIVE ANALYSIS; DATA COLLECTION; MALWARE BEHAVIORS; RESEARCH COMMUNITIES; STIMULATION TECHNIQUES;

ANDROID (OPERATING SYSTEM);

EID: 84968718794     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/BADGERS.2014.7     Document Type: Conference Paper

References (73)

1. IDC, "Android and iOS Continue to Dominate the Worldwide Smartphone Market with Android Shipments Just Shy of 800 Million in 2013, " http: //www. idc. com/getdoc. jsp?containerId=prUS24676414, February 2014.
2. F-Secure, "Threat Report H2 2013, " http://www. f-secure. com/static/doc/ labs global/Research/Threat Report H2 2013. pdf, March 2014.
3. McAfee Labs, "McAfee Threats Report: Second Quarter 2013, " http://www. mcafee. com/us/resources/reports/rp-quarterly-threat-q2-2013. pdf, August 2013.
4. V. Svajcer, "Sophos Mobile Security Threat Report, " http://www. sophos. com/en-us/medialibrary/PDFs/other/sophos-mobilesecurity-threat-report. Ashx, 2014.
5. H. Lockheimer, "Android and Security, " http://googlemobile. blogspot. com/2012/02/android-and-security. html, February 2012.
6. M. Lindorfer, S. Volanis, A. Sisto, M. Neugschwandtner, E. Athanasopoulos, F. Maggi, C. Platzer, S. Zanero, and S. Ioannidis, "AndRadar: fast discovery of android applications in alternative markets, " in Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2014.
7. M. Spreitzenbarth, F. Freiling, F. Echtler, T. Schreck, and J. Hoffmann, "Mobile-sandbox: Having a Deeper Look into Android Applications, " in Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC), 2013.
8. T. Bläsing, L. Batyuk, A.-D. Schmidt, S. Camtepe, and S. Albayrak, "An Android Application Sandbox System for Suspicious Software Detection, " in Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE), 2010.
9. L. K. Yan and H. Yin, "Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis, " in Proceedings of the 21st USENIX Security Symposium, 2012.
10. A. Reina, A. Fattori, and L. Cavallaro, "A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors, " in Proceedings of the 6th European Workshop on System Security (EuroSec), 2013.
11. T. Eder, M. Rodler, D. Vymazal, and M. Zeilinger, "ANANAS-A Framework For Analyzing Android Applications, " in Proceedings on the 1st International Workshop on Emerging Cyberthreats and Countermeasures (ECTCM), 2013.
12. "ForeSafe Mobile Security, " http://www. foresafe. com.
13. "VisualThreat, " http://www. visualthreat. com.
14. "Joe Sandbox Mobile, " http://www. joesecurity. org/joe-sandbox-mobile.
15. S. Neuner, V. van der Veen, M. Lindorfer, M. Huber, G. Merzdovnik, M. Mulazzani, and E. Weippl, "Enter Sandbox: Android Sandbox Comparison, " in Proceedings of the 3rd IEEE Mobile Security Technologies Workshop (MoST), 2014.
16. T. Vidas and N. Christin, "Evading Android Runtime Analysis via Sandbox Detection, " in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014.
17. F. Maggi, A. Valdi, and S. Zanero, "AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors, " in Proceedings of the 3rd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2013.
18. "Anubis, " http://anubis. iseclab. org.
19. U. Bayer, C. Kruegel, and E. Kirda, "TTAnalyze: A Tool for Analyzing Malware, " in Proceedings of the 15th European Institute for Computer Antivirus Research (EICAR) Annual Conference, 2006.
20. U. Bayer, I. Habibi, D. Balzarotti, E. Kirda, and C. Kruegel, "A View on Current Malware Behaviors, " in Proceedings of the 2Nd USENIX Conference on Large-scale Exploits and Emergent Threats (LEET), 2009.
21. "VirusTotal, " http://www. virustotal. com.
22. U. Bayer, P. Milani Comparetti, C. Hlauscheck, C. Kruegel, and E. Kirda, "Scalable, Behavior-Based Malware Clustering, " in Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), 2009.
23. L. Weichselbaum, M. Neugschwandtner, M. Lindorfer, Y. Fratantonio, V. van der Veen, and C. Platzer, "Andrubis: Android Malware Under The Magnifying Glass, " Vienna University of Technology, Tech. Rep. TR-ISECLAB-0414-001, 2014.
24. C. Lever, M. Antonakakis, B. Reaves, P. Traynor, and W. Lee, "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers, " in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS), 2013.
25. A. Ludwig, E. Davis, and J. Larimer, "Android-Practical Security From the Ground Up, " in Virus Bulletin Conference, 2013.
26. H. T. T. Truong, E. Lagerspetz, P. Nurmi, A. J. Oliner, S. Tarkoma, N. Asokan, and S. Bhattacharya, "The Company You Keep: Mobile Malware Infection Rates and Inexpensive Risk Indicators, " in Proceedings of the 23rd International Conference on World Wide Web (WWW), 2014.
27. "Andrubis Submission App, " https://play. google. com/store/apps/details? id=org. iseclab. Andrubis.
28. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, " in Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI), 2010.
29. L. Cavallaro, P. Saxena, and R. Sekar, "Anti-Taint-Analysis: Practical Evasion Techniques Against Information Flow Based Malware Defense, " Secure Systems Lab at Stony Brook University, Tech. Rep. , 2007.
30. K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, "PScout: Analyzing the Android Permission Specification, " in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), 2012.
31. A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android Permissions Demystified, " in Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), 2011.
32. Google, "Introducing ART, " https://source. Android. com/devices/tech/ dalvik/art. html, 2014.
33. C. Toombs, "Updates To AOSP Confirm Dalvik Runtime Will Be Removed From Android, ART Officially Takes Its Place, " http: //www. Androidpolice. com/2014/06/19/updates-aosp-confirm-dalvikruntime-will-removed-android-art-officially-takes-place, June 2014.
34. J. Goebel, T. Holz, and C. Willems, "Measurement and Analysis of Autonomous Spreading Malware in a University Environment, " in Proceedings of the 4th International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), 2007.
35. "Contagio, " http://contagiominidump. blogspot. com.
36. Y. Zhou and X. Jiang, "Dissecting Android Malware: Characterization and Evolution, " in Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.
37. M. Bierma, E. Gustafson, J. Erickson, D. Fritz, and Y. R. Choe, "Andlantis: Large-scale Android Dynamic Analysis, " in Proceedings of the 3rd IEEE Mobile Security Technologies Workshop (MoST), 2014.
38. "AppBrain Stats: Number of Android applications, " http: //www. Appbrain. com/stats/number-of-android-apps.
39. D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, and K. Rieck, "Drebin: Efficient and Explainable Detection of Android Malware in Your Pocket, " in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS), 2014.
40. "Android Version history by API level, " http://en. wikipedia. org/wiki/ Android version history#Version history by API level.
41. B. Irinco, "First Android Trojan in the Wild, " http://blog. Trendmicro. com/ trendlabs-security-intelligence/first-android-trojan-in-the-wild, August 2010.
42. M. Neugschwandtner, M. Lindorfer, and C. Platzer, "A View To A Kill: WebView Exploitation, " in Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2013.
43. Y. Zhang, H. Xue, and T. Wei, "Occupy Your Icons Silently on Android, " http://www. fireeye. com/blog/technical/2014/04/occupy your icons silently on android. html, April 2014.
44. D. Barrera, J. Clark, D. McCarney, and P. C. van Oorschot, "Understanding and Improving App Installation Security Mechanisms Through Empirical Analysis of Android, " in Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2012.
45. C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun, "Analysis of the Communication Between Colluding Applications on Modern Smartphones, " in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), 2012.
46. M. Zheng, M. Sun, and J. C. Lui, "DroidRay: A Security Evaluation System for Customized Android Firmwares, " in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014.
47. "AppBrain Stats: Android Ad networks, " http://www. Appbrain. com/stats/ libraries/ad.
48. Lookout Mobile Security, "State of Mobile Security 2012, " https://www. lookout. com/ downloads/lookout-state-of-mobilesecurity-2012. pdf, 2012.
49. D. Ruddock, "Google Pushes Major Update To Play Developer Content Policy, Kills Notification Bar Ads For Real This Time, And A Lot More, " http://www. Androidpolice. com/2013/08/23/teardown-google-pushesmajor-update-to-play-developer-content-policy-kills-notification-barads-for-real-this-time-and-a-lot-more/, September 2013.
50. J. Forristal, "Android: One Root to Own Them All, " in Black Hat USA, 2013.
51. P. Ducklin, "Anatomy of another Android hole-Chinese researchers claim new code verification bypass, " http://nakedsecurity. sophos. com/ 2013/07/17/anatomy-of-another-android-hole-chinese-researchersclaim-new-code-verification-bypass, July 2013.
52. -, "Anatomy of a file format problem-yet another code verification bypass in Android, " http://nakedsecurity. sophos. com/2013/11/06/anatomyof-a-file-format-problem-yet-another-code-verification-bypass-inandroid, November 2013.
53. "Python Bug Tracker: Issue 14315, " http://bugs. python. org/issue14315.
54. "Fuzion24/Zip File Arbitrage: Exploit for Android Zip bugs: 8219321, 9695860, and 9950697, " https://github. com/Fuzion24/ AndroidZipArbitrage.
55. C. Toombs, "External Blues: Google Has Brought Big Changes To SD Cards In KitKat, And Even Samsung Is Implementing Them, " http://www. Androidpolice. com/2014/02/17/external-blues-google-hasbrought-big-changes-to-sd-cards-in-kitkat-and-even-samsung-may-beimplementing-them, February 2014.
56. R. Lipovsky, "ESET Analyzes First Android File-Encrypting, TORenabled Ransomware, " http://www. welivesecurity. com/2014/06/04/ simplocker, June 2014.
57. S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications, " in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS), 2014.
58. V. Chebyshev, "Mobile attacks!" http://www. securelist. com/en/blog/805/ Mobile attacks, February 2013.
59. F-Secure, "Android Hack-Tool Steals PC Info, " http://www. fsecure. com/weblog/archives/00002573. html, July 2013.
60. F. Liu, "Windows Malware Attempts to Infect Android Devices, " http://www. symantec. com/connect/blogs/windows-malware-attemptsinfect-android-devices, January 2014.
61. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A Survey of Mobile Malware in the Wild, " in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011.
62. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces, " in Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY), 2012.
63. W. Zhou, Y. Zhou, M. Grace, X. Jiang, and S. Zou, "Fast, Scalable Detection of "Piggybacked" Mobile Applications, " in Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY), 2013.
64. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, and W. Zou, "SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications, " in Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2012.
65. V. Rastogi, Y. Chen, and W. Enck, "AppsPlayground: Automatic Security Analysis of Smartphone Applications, " in Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY), 2013.
66. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, " in Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), 2012.
67. "CopperDroid, " http://copperdroid. isg. rhul. Ac. uk.
68. "Tracedroid, " http://tracedroid. few. vu. nl.
69. V. van der Veen, "Dynamic Analysis of Android Malware, " Internet & Web Technology Master thesis, VU University Amsterdam, 2013.
70. "SandDroid, " http://sanddroid. xjtu. edu. cn.
71. "Mobile Sandbox, " http://mobilesandbox. org.
72. T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis, "Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware, " in Proceedings of the Seventh European Workshop on System Security (EuroSec), 2014.
73. F. Matenaar and P. Schulz, "Detecting Android Sandboxes, " http://www. dexlabs. org/blog/btdetect, August 2012.