Create your own awesome maps
Even on the go
with our free apps for iPhone, iPad and Android
Get StartedAlready have an account? Log In
The connections between components of a program can be used as features in application verification.
Malicious applications have significantly more services and receivers than benign ones.
The permissions requested by an application often indicate how dangerous it is. Several tools look for unusual permission request as one of many ways to characterize malware. For example a flashlight application should not need access to SMS functionality. Malicious applications tend to have more permissions than benign ones.
The linked paper describes DROIDMoss which uses a rolling hash to detect repackaged applications.
DroidRanger uses imported packages as one means of detecting malware.
Features such as price, author, description, number of downloads, etc. can help identify malware.
Apps that load native code in an unusual way are likely to be malicious.
Proposes a P.O.C. method for device to device infection of iPhones. The method is based on evil twin networks.
Proposed a method for using a mobile botnet to attack network infrastructure. Very thorough in suggesting attacks that require less resources and maximize damage done.
Proposed a very effective design for a mobile botnet.
A network of participating/infected mobile devices can track other mobile devices that are near them, but not participating/infected.
83% of users don't pay attention to permissions. 42% do not know what permissions are.
Modifying an application ads so that ad revenue is sent to the hacker instead of the original developer.
Link is to a video game demonstration. Players are able to hack mobile devices and see relevant, private information about the people they hack. In order to find the relevant information there would need to be an AI that determines what is most interesting.
The linked paper describes why rooting is possible and what it allows malware to do.
The link contains intuitive figures describing sms fraud.
Simply put, the way FakeInst is distributed enables promoters to slightly modify or customize their app for distribution, resulting in a completely unique instance of malware, while the executable code remains identical. Though simple, this technique yields a massive growth in the number of unique identifiable samples in the wild that vastly outstrips the growth of new malware families.
Applications can produce fake notifications that lead to phishing sites. For example a notification that is ostensibly from Facebook requires a log in when you tap it. The log in credentials are sent to the hacker.
Discusses trends in malware and several examples in detail. Pointed out repackaging as a common trend. Discussed evasion techniques and attacks performed by malware.
One can attack the cellular baseband stack of smartphones instead of the application processor.
Upload an apk and get back a report based on static and dynamic analysis. Uses a combination of several publicly available tools.
Uses static and dynamic analysis to look for malware on entire markets.
The permissions requested by an application often indicate how dangerous it is. Several tools look for unusual permission request as one of many ways to characterize malware. For example a flashlight application should not need access to SMS functionality. Malicious applications tend to have more permissions than benign ones.