Motivations of Recent Android Malware
Author
Abstract
Introduction
Every year for the last decade, the security industry has predicted a flood of mobile malware; however, only a trickle of mobile malware has emerged. The most widespread threats were SymbOS.Cabir and SymbOS.Commwarrior in 2004 and 2005. For most, they represented a nuisance and affected a very small fraction of the phone population. Three factors are needed before an increase of mobile malware will occur: an open platform, a ubiquitous platform, and attacker motivation—which is usually monetary. The first has been fulfilled most recently with the advent of Android. It is probably also the most likely open platform to achieve the second condition of being ubiquitous. Given that Android is now the most prolific smartphone operating system (43% of the worldwide smartphone market in the second quarter of 2011 according to Gartner), the continued rise in market share seems all but inevitable, at the very least due to the adoption of smartphones in general over regular phones. The most uncertain condition is the third, an ability to monetize the platform via malware. This paper discusses some of the monetization schemes seen in a recent spate of Android malware and also schemes we're likely to see in the future. Only if these monetization schemes succeed do we expect attackers to continue to invest in the creation of Android malware.
In this scenario, attackers set up and register a premium rate number. Typically, these are "short codes", which are shorter than usual phone numbers. Each country and carrier regulates short codes differently, but usually an oversight body issues the short codes for a fee. In the United States, for example, a dedicated short code may cost $1500 USD to set up and then $1000 per month. A shared short code, where the message must be preceded by a keyword, can be obtained for as low as $50 per month. When calling or sending an SMS to a short code, the caller is billed a premium rate above the normal cost of an SMS or phone call.
The revenue is then shared by the attacker, carrier, and the SMS aggregator. The attacker receives 30-70% of the premium rate charge depending on the carrier, amount charged per message, and number of messages received. Most carriers allow a premium rate of up to $10.00 per message, but some carriers will allow charges in excess of $50.00 per message. If …
Similar resources
Analysis and Detection of Malicious Behaviors in Repackaged Android Applications
Context Over the past decades malware authorship grew to become a profession. Nowadays, there exists a plethora of malware instances that span various targets, structures, motivations, and objectives [1]. Despite the different objectives they pursue, the majority of malware authors strive to prolong the period of time their instances remain operational within the infected system. In this contex...
Eight Years of Rider Measurement in the Android Malware Ecosystem: Evolution and Lessons Learned
Despite the growing threat posed by Android malware, the research community is still lacking a comprehensive view of common behaviors and trends exposed by malware families active on the platform. Without such view, the researchers incur the risk of developing systems that only detect outdated threats, missing the most recent ones. In this paper, we conduct the largest measurement of Android ma...
N-gram Opcode Analysis for Android Malware Detection
Android malware has been on the rise in recent years due to the increasing popularity of Android and the proliferation of third party application markets. Emerging Android malware families are increasingly adopting sophisticated detection avoidance techniques and this calls for more effective approaches for Android malware detection. Hence, in this paper we present and evaluate an n-gram opcode...
ARTDroid: A Virtual-Method Hooking Framework on Android ART Runtime
Various static and dynamic analysis techniques are developed to detect and analyze Android malware. Some advanced Android malware can use Java reflection and JNI mechanisms to conceal their malicious behaviors for static analysis. Furthermore, for dynamic analysis, emulator detection and integrity self-checking are used by Android malware to bypass all recent Android sandboxes. In this paper, we...
On Malware Leveraging the Android Accessibility Framework
The number of Android malware has been increasing dramatically in recent years. Android malware can violate users’ security, privacy and damage their economic situation. Study of new malware will allow us to better understand the threat and design effective antimalware strategies. In this paper, we introduce a new type of malware exploiting Android’s accessibility framework and describe a condi...