The Past and Future of Mobile Malwares
Transcript of The Past and Future of Mobile Malwares
![Page 1: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/1.jpg)
Emin İslam TATLI, M. Oğuzhan TOPGÜL
Cyber Security and Privacy Research Group
![Page 2: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/2.jpg)
This presentation is based on our paper:
The Past and Future of Mobile Malwares. M. Oğuzhan Topgül and Emin İ. Tatlı. The 7th International Conference on Information Security and Cryptology (ISCTurkey’14), İstanbul, 17-18 October 2014.
Download the paper: https://www.researchgate.net/publication/265726834_The_Past_and_Future_of_Mobile_Malwares
![Page 4: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/4.jpg)
Software programs designed to:
▪ Disrupt computer operations
▪ Gather sensitive info
▪ Gain access to private computer systems
Main types: virus, Trojan horse, worm, adware, spyware, rootkit
![Page 5: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/5.jpg)
iPhone 5 vs. Curiosity Mars Rover

| | Curiosity Mars Rover | iPhone 5 |
|---|---|---|
| RAM | 256 MB | 1 GB |
| Flash storage | 2 GB | 16 GB |
| CPU | 200 MHz | 1.3 GHz dual core |
![Page 6: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/6.jpg)
Gartner 2013 Q4 Report*:
* http://www.gartner.com/newsroom/id/2645115
![Page 7: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/7.jpg)
Timeline:
▪ 2004: Symbian age
▪ 2005: Symbian age continues
▪ 2006: J2ME age
▪ 2007-2009: A new era begins (iOS & Android)
▪ 2010: The rise of smartphones
▪ 2011-2012: Advanced devices, advanced malwares
▪ 2013-2014: Smartphone era
![Page 8: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/8.jpg)
CARIBE / CABIR
Writer: 29A
Target: Symbian
Spreads: Bluetooth
Activity: Shows a message
Importance: The first mobile malware
* http://about-threats.trendmicro.com/us/archive/malware/symbos_cabir.a
* https://www.securelist.com/en/analysis?pubid=201225789
![Page 9: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/9.jpg)
DUST / DUTS
Writer: 29A
Target: Windows CE
Spreads: Bluetooth
Activity:
▪ Infects files larger than 4K
▪ Shows the message “Dear User, am I allowed to spread?”
* http://www.f-secure.com/v-descs/dtus.shtml
![Page 10: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/10.jpg)
MOSQUITO
Target: Symbian
Type: Premium SMS Trojan
Spreads: P2P
Activity: Sends Premium Service SMS messages
Importance: First instance of Premium SMS malwares
* http://www.symantec.com/security_response/writeup.jsp?docid=2004-081009-2533-99
![Page 11: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/11.jpg)
SKULLS / SKULLER
Target: Symbian
Type: Vandal Trojan
Spreads: Bluetooth
Activity:
▪ Deletes all files on the device
▪ Changes all icons
Result: Device doesn’t boot again
* http://about-threats.trendmicro.com/us/archive/malware/symbos_skulls.A
![Page 12: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/12.jpg)
PBSTEALER
Target: Symbian
Type: Spyware
Spreads: Bluetooth
Activity: Steals the phone book and sends all contacts to the nearest device via Bluetooth
Importance:
▪ First instance of spyware-like malwares
▪ Caribe variant
* http://about-threats.trendmicro.com/us/archive/malware/symbos_pbsteal.a
![Page 13: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/13.jpg)
COMMWARRIOR
Target: Symbian
Spreads: Bluetooth + MMS
Activity:
▪ Spreads over Bluetooth during the day
▪ Spreads over MMS at night
Importance:
▪ First mobile malware that uses MMS to spread
▪ One of the most widespread Symbian malwares
* http://www.f-secure.com/v-descs/commwarrior.shtml
![Page 14: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/14.jpg)
REDBROWSER
Type: Premium SMS
Spreads: P2P
Activity:
▪ Pretends to be a WAP browser that offers free WAP browsing via SMS messages
▪ Sends huge amount of SMS messages to Premium services
http://www.f-secure.com/v-descs/redbrowser_a.shtml
![Page 15: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/15.jpg)
The birthday of iPhone - 2007
![Page 16: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/16.jpg)
Android 0.5: The first public build - 2007
![Page 17: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/17.jpg)
Android 1.0: Google G1 - 2008
![Page 18: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/18.jpg)
IOS_IKEE
Target: iOS
Activity:
▪ Infects Jailbroken devices by making an SSH connection with the default credentials (root:alpine, mobile:alpine)
▪ Scans the network for other jailbroken iOS devices to infect
▪ Also changes the wallpaper of the device to a photo of Rick Astley, a pop singer of the 80s
Importance: First known iOS malware
http://about-threats.trendmicro.com/us/malware/ios_ikee.a
![Page 19: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/19.jpg)
DROIDSMS
Target: Android
Type: Premium SMS
Activity:
▪ Sends Premium SMS messages
▪ Introduces itself as a movie player app
Importance: First known Android malware
http://about-threats.trendmicro.com/us/malware/androidos_droidsms.a
![Page 20: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/20.jpg)
DROIDSNAKE
Target: Android
Type: Spyware
Activity: Spies on GPS coordinates and forwards them over the Internet
Importance:
▪ First known Android Spyware
▪ Spreads over Google’s official Android market
http://about-threats.trendmicro.com/us/malware/androidos_droisnake.a
![Page 21: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/21.jpg)
ZITMO
Target: Android
Type: SMS Stealer
Activity:
▪ Poses as a password security app but steals online banking OTP SMS messages
▪ Cooperates with ZEUS for Windows malware
http://www.securelist.com/en/blog/208193029/ZeuS_in_the_Mobile_for_Android
![Page 22: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/22.jpg)
DROIDDREAM / DROIDKUNGFU
Target: Android
Activity:
▪ Use 2 Android vulnerabilities to gain root access
▪ Send device info to C&C server
▪ Use code obfuscation to hide themselves
▪ Apply encryption to C&C server communication
▪ DroidKungFu additionally applies anti-virus evasion
Importance:
▪ One of the first instances of advanced mobile malwares
https://blog.lookout.com/blog/2011/03/02/android-malware-droiddream-how-it-works/
![Page 23: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/23.jpg)
ALSPAM / ALSALAH
Target: Android
Type: Hacktivist
Activity:
▪ Sends SMS messages to all contacts about the protest of Mohamed Bouazizi, who set himself on fire during the Arab Spring events
Importance: First known hacktivist malware
http://contagiominidump.blogspot.com.tr/2011/12/arspam-alsalah-android-malware-middle.html
![Page 24: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/24.jpg)
FIND AND CALL
Target: Android & iOS
Type: Spyware
Activity:
▪ Sends its download link to each contact in the contact list.
▪ Sends the contacts list to a remote server
Importance: Appeared in iOS App Store
http://nakedsecurity.sophos.com/2012/07/06/find-call-ios-android-malware/
![Page 25: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/25.jpg)
2011: The year of mobile malwares
![Page 26: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/26.jpg)
2012: The year of Android malwares: ~3000 new malware samples every month
(Chart: new Android malware samples per month, months 1 to 12 of 2012, y-axis 0 to 45,000)
![Page 27: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/27.jpg)
STEALER
Target: Android
Type: Botnet trojan
Activity:
▪ Spreads in the guise of a legitimate app
▪ Receives commands from C&C server
Importance: Leader in terms of infection rate
https://www.securelist.com/en/blog/8208/New_threat_Trojan_SMS_AndroidOS_Stealer_a
![Page 28: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/28.jpg)
RISKWARE / TRACER
Target: Android, iOS, Symbian, RIM
Type: Spyware
Activity:
▪ Infects Jailbroken and rooted devices
▪ Can access WhatsApp, Viber, Tango, Skype, Facebook chats and Facebook photos
▪ Has the botnet capabilities
Importance: Is sold for $79 annually with the C&C interface
http://contagiominidump.blogspot.com.tr/2013/07/trracer-commercial-spyware-pua-samples.html
![Page 29: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/29.jpg)
OLDBOOT
Target: Android
Type: Bootkit
Activity:
▪ Infects boot partition of the device
▪ GoogleKernel is detected as malware
Importance:
▪ First known Android bootkit malware
▪ Can’t be cleaned by anti-virus apps
http://blogs.360.cn/360mobile/2014/01/17/oldboot-the-first-bootkit-on-android/
![Page 30: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/30.jpg)
OBAD
Target: Android
Type: Trojan
Activity:
▪ Retrieves sensitive info and executes C&C commands
Importance:
▪ Known as the most advanced Android malware
▪ Contains anti-decompile and anti-VM controls
▪ Uses zero-day vulnerabilities to get root access
▪ Can’t be cleaned by anti-virus apps
https://www.comodo.com/resources/Android_OBAD_Tech_Reportv3.pdf
![Page 31: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/31.jpg)
KOLER / SIMPLOCKER
Target: Android
Type: Ransomware
Activity:
▪ Locks mobile device and requests $300 to unlock.
▪ Shows a message as if it came from a police department
http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html
![Page 32: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/32.jpg)
UNFLOD BABY PANDA
Target: iOS
Type: Spyware
Activity:
▪ Infects jailbroken iOS devices
▪ Steals Apple-ID and password by hooking the SSL buffer
▪ It is signed by a registered iOS developer
https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html
![Page 33: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/33.jpg)
DSENCRYPT
Target: Android
Type: Spyware
Activity:
▪ Comes along with an encrypted malware inside of its assets folder
▪ Decrypts the encrypted part at runtime
▪ Steals bank accounts, signing certificates and SMS messages
▪ Pretends to be a legitimate “Google Play Store” app
http://www.fireeye.com/blog/technical/2014/06/what-are-you-doing-dsencrypt-malware.html
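The DSEncrypt technique above (an encrypted payload shipped in the APK's assets folder and decrypted at runtime) leaves a measurable trace: encrypted or packed blobs have near-maximal byte entropy, while ordinary assets (text, XML, JSON, uncompressed images with structure) do not. The following Python script is an added example, not code from the slides or from any of the vendors cited; it treats an APK as the zip archive it is, computes the Shannon entropy of every file under `assets/`, and flags entries above a threshold. The threshold value, the minimum file size, and the constructed sample APK (`build_sample_apk`) are assumptions made for the example.

```python
import io
import math
import random
import zipfile
from collections import Counter

# Assumed cut-offs for the example: tune against a corpus of benign APKs.
ENTROPY_THRESHOLD = 7.5   # bits per byte; random/encrypted data approaches 8.0
MIN_SIZE = 256            # entropy of very small files is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_apk_assets(apk_bytes: bytes, threshold: float = ENTROPY_THRESHOLD,
                    min_size: int = MIN_SIZE) -> dict:
    """Return {asset_path: entropy} for assets/ entries that look encrypted or packed.

    An APK is a zip archive, so the standard zipfile module reads it directly.
    """
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.startswith("assets/"):
                continue
            data = apk.read(info)
            if len(data) < min_size:
                continue
            ent = shannon_entropy(data)
            if ent >= threshold:
                flagged[info.filename] = round(ent, 3)
    return flagged


def build_sample_apk() -> bytes:
    """Constructed sample APK: one plain-text asset and one high-entropy blob
    standing in for an encrypted second-stage payload. Not a real malware sample."""
    rng = random.Random(2014)  # fixed seed so the example is reproducible
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as apk:
        apk.writestr("AndroidManifest.xml", "<manifest/>")
        apk.writestr("classes.dex", b"dex\n035\0" + b"\0" * 1024)
        apk.writestr("assets/help.txt", ("Tap Install to continue. " * 40).encode())
        apk.writestr("assets/config.dat",
                     bytes(rng.getrandbits(8) for _ in range(4096)))
    return buf.getvalue()


if __name__ == "__main__":
    for name, ent in scan_apk_assets(build_sample_apk()).items():
        print(f"{name}: {ent} bits/byte - possible encrypted payload, inspect manually")
```

In practice this is a triage signal, not a verdict: compressed media in `assets/` also scores high, so a hit should be followed by checking whether the app's code reads that file and passes it to a decryption routine or a class loader, which is the behaviour the slide describes.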
![Page 34: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/34.jpg)
MALNOTES
Target: Google Glass
Type: Spyware
Activity:
▪ Takes a photo every 10 seconds without the wearer knowing
Importance:
▪ First known Google Glass malware
▪ Proof of concept malware for academic research
http://mustangnews.net/using-your-eyes-to-spy/
![Page 35: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/35.jpg)
The malware distribution of 2013
http://securelist.com/analysis/kaspersky-security-bulletin/58335/mobile-malware-evolution-2013/
![Page 36: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/36.jpg)
Windows 8 and Blackberry OS 10 have app markets and developer programs too
![Page 37: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/37.jpg)
Blackberry OS 10 ships a runtime for Android apps
![Page 38: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/38.jpg)
Smart home appliances such as ovens and fridges are available on the market (Android inside)
![Page 39: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/39.jpg)
Are wearable smart devices the next target?
![Page 40: The Past and Future of Mobile Malwares](https://reader034.fdocuments.in/reader034/viewer/2022042716/55a8647f1a28ab43238b46c6/html5/thumbnails/40.jpg)
Governments and Intelligence Agencies develop advanced, targeted malwares