Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dissecting Android Malware : Characterization and Evolution

Published byAngel Graves Modified over 10 years ago

Similar presentations

Presentation on theme: "Dissecting Android Malware : Characterization and Evolution"— Presentation transcript:

1 Dissecting Android Malware : Characterization and Evolution
Author : Yajin Zhou, Xuxuan Jiang TJ

2 Index of this paper Introduction Malware Timeline
Malware Characterization Malware Installation Repackaging Update Attack Drive-by Download Others Activation Malicious Payloads Privilege Escalation Remote Control Financial Charge Information Collection Permission Uses Malware Evolution DroidKungFu Root Exploits C&C Servers Shadow Payloads Obfuscation, JNI, and Others AnserverBot Anti-Analysis Security Software Detection Malware Detection Discussion Related Work Conclusion

3 I. Introduction Smartphone Android-based malware Goals
Shipment : X 3 ↑ (40milion120mil.) in 2009~2011 ► mobile malware↑ Android-based malware Share : 46%↑ and growing rapidly 400% ↑ since summer 2010 Goals Malware samples(1260) & families(49) Timeline analysis Good example of malware

4 II. Malware Timeline Dataset 49 families
Official/Alternative Android Market ~

5 III. A. Malware Installation
Repackaging Most common technique Concept Download popular apps  Disassemble  Enclose malicious payloads  Re-assemble  Submit

6

7 III. A. 1) Repackaging Where these original apps comes from?
What things are done by the authors?

8 III. A. 2) Update Attack Concept
Update component  it download malicious payload

9 III. A. 2) Update Attack

10 III. A. 2) Update Attack

11 III. A. 3) Drive-by Download
Enticing users to download “interesting” or “feature-rich” apps. For example, GGTracker : in-app advertisement link Jifake : QR code Spitmo and Zitmo : ported version of nefarious PC malware(SpyEye, Zeus)

12 III. B. Activation Using System Event message For example,
BOOT_COMPLETED SMS_RECEIVED ACTION_MAIN

13 III. C. Malicious Payloads
Privilege Escalation

14

15 III. C. Malicious Payloads
Remote Control 1,172 samples(93%) Turn infected phones into bots 1,171 samples HTTP-based communicate with C&C servers C&C servers Amazon cloud Public blog

16 III. C. Malicious Payloads
Financial Charge Premium-rate services Information Collection SMS messages Phone numbers User accounts

17 III. D. Permission Uses

18 IV. Malware Evolution DroidKungFu Root Exploits C&C Servers
Shadow Payloads Obfuscation

19 IV. B. AnserverBot Anti-Analysis Security Software Detection
C&C Servers

20 V. Malware Detection Tested on Nexus One (Android 2.3.7) Lookout
TrendMicro AVG Antivirus Norton

21 VI. Discussion Ecosystem Android Market
ASLR, TrustZone and eXecute-Never are needed Lack of fine-grain API control Blocking malware to enter market is needed Cooperation between security vendors

22 VIII. Conclusion Repackaging (86%)
Platform-level Escalate Privilege Exploits (36.7%) Bot-like capability (93%)

23 Q & A

Download ppt "Dissecting Android Malware : Characterization and Evolution"

Similar presentations

Mobile Security Guide Matt Scofield, Eric Samson, Cong Le.

Mobile Security Guide Matt Scofield, Eric Samson, Cong Le.
Win the Cyberwar on Mobile Banking and Payments

Win the Cyberwar on Mobile Banking and Payments
1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Vaibhav Rastogi, Yan Chen, and Xuxian Jiang

Vaibhav Rastogi, Yan Chen, and Xuxian Jiang
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.

Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.
Android Malware Characterisaion. Android Under Attack Android Malware is on the rise In 2012 malware presence has increased by 580% compared to the same.

Android Malware Characterisaion. Android Under Attack Android Malware is on the rise In 2012 malware presence has increased by 580% compared to the same.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Free Software Alternatives: Avast! Anti-virus

Free Software Alternatives: Avast! Anti-virus
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.

IOS & Android Security, Hacking and Tweaking Workshop D.Papamartzivanos University Of the Aegean – Info Sec Lab Android Security – Cydia Substrate Dimitris.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
FTP. SMS based FTP Introduction Existing System Proposed Solution Block Diagram Hardware and Software Features Benefits Future Scope Conclusion.

FTP. SMS based FTP Introduction Existing System Proposed Solution Block Diagram Hardware and Software Features Benefits Future Scope Conclusion.
Presentation By Deepak Katta

Presentation By Deepak Katta

Similar presentations

Ads by Google