Defensive Struggle: Android Under Attack

Thursday, May 24, 2012 @ 03:05 PM gHale

It is no secret the Android platform is under attack, with malware hitting the system almost daily.

That is why mobile security researchers are teaming up to share samples and data on malware targeting the Android platform.

The Android Malware Genome Project, spearheaded by Xuxian Jiang, a computer science researcher at North Carolina State University, wants to boost collaboration in defending against mobile malware targeting smartphones such as Android-based HTC and Samsung devices.

The volume of malware designed for Android skyrocketed 472 percent from July until the end of 2011, according to research from Juniper Networks.

On top of that, the relatively open nature of Android and its apps market makes the Google operating system an attractive target for cyber criminals.

There have been 5,000 malicious Android apps discovered this year alone, with one-click billing fraud schemes and fake applications that hide malicious elements being the most prevalent, according to Trend Micro.

Xuxian’s NC State team was the first to identify dozens of Android malware programs, including DroidKungFu and GingerMaster.

The project wants to facilitate the sharing of Android malware code between security researchers, along the same lines as the long-standing malware sample sharing projects already set up by Windows anti-virus software developers. The project has already collected more than 1,200 pieces of Android malware.

Rapid access by security researchers to Android malware is important because “our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples,” Xuxian said.

The project not only wants to enable the sharing of mobile malware samples but also to facilitate work to create a taxonomy of Android malware, with the aim of helping to create improved security defenses, which the NC State team argues are currently falling short of delivering effective protection.

In this project, the team focuses on the Android platform and aims to systematize or characterize existing Android malware. Particularly, with more than one year of effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms, and the nature of the malicious payloads they carry.

The characterization and a subsequent evolution-based study show they are evolving rapidly to circumvent detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software programs, experiments in November 2011 show the best case detects 79.6 percent of them while the worst case detects only 20.2 percent in our dataset. That means there is a need for better next-generation anti-mobile-malware solutions.
