Published by Angel Graves. Modified over 10 years ago.
1
Dissecting Android Malware: Characterization and Evolution
Authors: Yajin Zhou, Xuxian Jiang TJ
2
Index of this paper
Introduction
Malware Timeline
Malware Characterization
  Malware Installation
    Repackaging
    Update Attack
    Drive-by Download
    Others
  Activation
  Malicious Payloads
    Privilege Escalation
    Remote Control
    Financial Charge
    Information Collection
  Permission Uses
Malware Evolution
  DroidKungFu
    Root Exploits
    C&C Servers
    Shadow Payloads
    Obfuscation, JNI, and Others
  AnserverBot
    Anti-Analysis
    Security Software Detection
Malware Detection
Discussion
Related Work
Conclusion
3
I. Introduction
Smartphone
  Shipment: ×3 ↑ (40 million → 120 million) in 2009~2011 ► mobile malware ↑
Android-based malware
  Share: 46% ↑ and growing rapidly
  400% ↑ since summer 2010
Goals
  Malware samples (1,260) & families (49)
  Timeline analysis
  Good example of malware
4
II. Malware Timeline
Dataset
  49 families
  Official/Alternative Android Market ~
5
III. A. Malware Installation
Repackaging
  Most common technique
  Concept
    Download popular apps
    Disassemble
    Enclose malicious payloads
    Re-assemble
    Submit
7
III. A. 1) Repackaging
Where do these original apps come from?
What things are done by the authors?
8
III. A. 2) Update Attack
Concept
  Update component: it downloads the malicious payload
9
III. A. 2) Update Attack
10
III. A. 2) Update Attack
11
III. A. 3) Drive-by Download
Enticing users to download “interesting” or “feature-rich” apps.
For example,
  GGTracker: in-app advertisement link
  Jifake: QR code
  Spitmo and Zitmo: ported versions of nefarious PC malware (SpyEye, Zeus)
12
III. B. Activation
Using system event messages
For example,
  BOOT_COMPLETED
  SMS_RECEIVED
  ACTION_MAIN
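
An added example (not from the slides or the paper): a defender-side triage check in Python that reads a decoded AndroidManifest.xml and reports which components register for the system events listed on this slide. The action strings are the standard Android names for those events; the sample manifest and the function names are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Events named on the slide, keyed by their full Android intent action strings.
WATCHED = {
    "android.intent.action.BOOT_COMPLETED": "BOOT_COMPLETED",
    "android.provider.Telephony.SMS_RECEIVED": "SMS_RECEIVED",
    "android.intent.action.MAIN": "ACTION_MAIN",
}

# Constructed sample manifest (already decoded to text XML), not a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

def activation_triggers(manifest_xml):
    """Return sorted (component_tag, component_name, event) for watched events."""
    app = ET.fromstring(manifest_xml).find("application")
    hits = set()
    for comp in (app if app is not None else []):
        name = comp.get(ANDROID_NS + "name", "?")
        for action in comp.iterfind("intent-filter/action"):
            event = WATCHED.get(action.get(ANDROID_NS + "name"))
            if event:
                hits.add((comp.tag, name, event))
    return sorted(hits)

def background_triggers(manifest_xml):
    """Watched events that start code without the user launching the app."""
    return [h for h in activation_triggers(manifest_xml) if h[0] != "activity"]
```

Receivers for BOOT_COMPLETED or SMS_RECEIVED are common in legitimate apps too, so the output is a prompt for closer review of those components, not a verdict.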
13
III. C. Malicious Payloads
Privilege Escalation
15
III. C. Malicious Payloads
Remote Control
  1,172 samples (93%)
    Turn infected phones into bots
  1,171 samples
    HTTP-based communication with C&C servers
  C&C servers
    Amazon cloud
    Public blog
16
III. C. Malicious Payloads
Financial Charge
  Premium-rate services
Information Collection
  SMS messages
  Phone numbers
  User accounts
17
III. D. Permission Uses
18
IV. Malware Evolution
DroidKungFu
  Root Exploits
  C&C Servers
  Shadow Payloads
  Obfuscation
19
IV. B. AnserverBot
  Anti-Analysis
  Security Software Detection
  C&C Servers
20
V. Malware Detection
Tested on Nexus One (Android 2.3.7)
  Lookout
  TrendMicro
  AVG Antivirus
  Norton
21
VI. Discussion
Ecosystem
Android Market
ASLR, TrustZone and eXecute-Never are needed
Lack of fine-grained API control
Blocking malware from entering the market is needed
Cooperation between security vendors
22
VIII. Conclusion
Repackaging (86%)
Platform-level privilege escalation exploits (36.7%)
Bot-like capability (93%)
23
Q & A