Mobile Konami codes: analysis of Android malware services utilizing sensor and resource-based state changes
Boomgaarden, Jacob L.
Corney, Joshua D.
Dinolt, George W.
McEachen, John C.
Society’s pervasive use of mobile technologies has provided an incentive for the amount and kinds of mobile malware to steadily increase since 2004. Challenges in static analysis of mobile malware have stimulated the need for emulated, dynamic analysis techniques. Unfortunately, emulating mobile devices is nontrivial because of the different types of hardware features onboard (e.g., sensors) and the manner in which users interact with their devices as compared to traditional computing platforms. To test this, our research focuses on the enumeration and comparison of static attributes and event values from sensors and dynamic resources on Android runtime environments, both from physical devices and online analysis services. Utilizing our results from enumeration, we develop two different Android applications that are successful in detecting and evading the emulated environments utilized by those mobile analysis services during execution. When run on physical devices, the same applications successfully perform a pseudo-malware action and send device identifying information to our server for logging.
Approved for public release; distribution is unlimited