research-article

A survey of mobile malware in the wild

Authors:
Adrienne Porter Felt

University of California, Berkeley, Berkeley, CA, USA

University of California, Berkeley, Berkeley, CA, USA
View Profile

,
Matthew Finifter

University of California, Berkeley, Berkeley, CA, USA

University of California, Berkeley, Berkeley, CA, USA
View Profile

,
Erika Chin

University of California, Berkeley, Berkeley, CA, USA

University of California, Berkeley, Berkeley, CA, USA
View Profile

,
Steve Hanna

University of California, Berkeley, Berkeley, CA, USA

University of California, Berkeley, Berkeley, CA, USA
View Profile

,
David Wagner

University of California, Berkeley, Berkeley, CA, USA

University of California, Berkeley, Berkeley, CA, USA
View Profile

SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devicesOctober 2011Pages 3–14https://doi.org/10.1145/2046614.2046618

Published:17 October 2011Publication History

SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

Pages 3–14

ABSTRACT

Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We also use this data set to evaluate the effectiveness of techniques for preventing and identifying mobile malware. After observing that 4 pieces of malware use root exploits to mount sophisticated attacks on Android phones, we also examine the incentives that cause non-malicious smartphone tinkerers to publish root exploits and survey the availability of root exploits.

References

Adwords content guidelines. http://adwords.google.com/support/aw/bin/static.py?hl=en&guide=28435&page=guide.cs.Google Scholar
Android Market. http://www.android.com/market.Google Scholar
Google AdSense Program Policies. https://www.google.com/adsense/support/bin/answer.py?answer=48182.Google Scholar
iPhone App Store. http://www.apple.com/iphone/apps-for-iphone.Google Scholar
Ovi store. http://store.ovi.com.Google Scholar
xda-developers. http://www.xda-developers.com.Google Scholar
Top 10 Android Phones, 2011. http://www.pcworld.com/reviews/collection/3286/top_10_android_phones.html.Google Scholar
A. Al-Bataineh and G. White. Detection and Prevention Methods of Botnet-generated Spam. In MIT Spam Conference, 2009.Google Scholar
T. Asad. Jailbreak ios 4.3.3 untethered on iphone 4, 3gs, ipad, ipod touch with pwnagetool 4.3.3 {tutorial}. Redmond Pie, 2011. http://www.redmondpie.com/jailbreak-ios-4.3.3-untethered-iphone-4-3gs-ipad-ipod-touch-4g-3g-using-pwnagetool-4.3.3-tutorial.Google Scholar
M. Balakrishnan, I. Mohomed, and V. Ramasubramanian. Where's That Phone? Geolocating IP Addresses on 3G Networks. In IMC, 2009. Google ScholarDigital Library
D. Barroso. ZeuS Mitmo: Man-in-the-mobile (III). http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-iii.html.Google Scholar
M. Becher, F. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, and C. Wolf. Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices. In IEEE Symposium on Security and Privacy, 2011. Google ScholarDigital Library
M. Boodaei. Mobile Users Three Times More Vulnerable to Phishing Attacks. Trusteer Technical Report.Google Scholar
C. Burns. HTC Unlocking Bootloaders Across the Board {OFFICIAL}, 2011. http://www.slashgear.com/htc-unlocking-bootloaders-across-the-board-official-26155031.Google Scholar
J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security, 2011. Google ScholarDigital Library
M. Calamia. Mobile payments to surge to $670 billion by 2015. http://www.mobiledia.com/news/96900.html, 2011.Google Scholar
R. Cannings. An update on Android Market security. Google Mobile Blog. http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html.Google Scholar
G. Clucley. Hacked iPhones held hostage for 5 Euros. Naked Security, 2009.Google Scholar
C.Mulliner, N. Golde, and J. Seifert. SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale. In USENIX Security, 2011. Google ScholarDigital Library
Cyanogen(mod). OpenVPN, 2011. http://www.cyanogenmod.com/features/openvpn.Google Scholar
N. Daswani, C. Mysen, V. Rao, S. Weis, K. Gharachorloo, and S. Ghosemajumder. Online advertising fraud. Crimeware: Understanding New Attacks and Defenses, 2008.Google Scholar
N. Daswani and M. Stoppelman. The anatomy of Clickbot. A. In Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, pages 11--11. USENIX Association, 2007. Google ScholarDigital Library
S. Doherty and P. Krysiuk. Android.Basebridge. Symantec, 2011. http://www.symantec.com/security_response/writeup.jsp?docid=2011-060915-4938-99.Google Scholar
M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS, 2011.Google Scholar
W. Enck, P. Gilbert, B. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In OSDI, 2010. Google ScholarDigital Library
W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In CCS, 2009. Google ScholarDigital Library
F-Secure. Trojanised mobile phone game makes expensive phone calls. http://www.f-secure.com/weblog/archives/00001930.html, 2010.Google Scholar
A. P. Felt, K. Greenwood, and D. Wagner. The Effectiveness of Application Permissions. In USENIX WebApps, 2011. Google ScholarDigital Library
A. P. Felt and D. Wagner. Phishing on Mobile Devices. In W2SP, 2011.Google Scholar
J. Franklin and V. Paxson. An inquiry into the nature and causes of the wealth of Internet miscreants. In CCS, 2007.Google Scholar
D. Goodin. Backdoor in top iPhone games stole user data, suit claims. The Register, 2009.Google Scholar
C. Guo, H. J. Wang, and W. Zhu. Smart Phone Attacks and Defenses. In ACM Workshop on Hot Topics in Networks, 2004.Google Scholar
J. Hamada. New Android Threat Gives Phone a Root Canal. Symantec, 2011. http://www.symantec.com/connect/blogs/new-android-threat-gives-phone-root-canal.Google Scholar
E. Haselsteiner and K. Breitfuß. Security in near field communication. Workshop on RFID Security, 2006.Google Scholar
iClarified. How to change your iPhone IMEI with ZiPhone (Windows). http://www.iClarified.com/entry/index.php?enid=657.Google Scholar
J. Jamaluddin, N. Zotou, and P. Coulton. Mobile phone vulnerabilities: a new generation of malware. In IEEE International Symposium on Consumer Electronics, 2004.Google ScholarCross Ref
X. Jiang. Security Alert: New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets. http://www.cs.ncsu.edu/faculty/jiang/DroidKungFu.html, 2011.Google Scholar
C. Johnson. Kenzero virus blackmails those who illegally download anime porn. BBC. http://news.bbc.co.uk/2/hi/technology/8622665.stm.Google Scholar
Juniper Global Threat Center. Fake player. http://globalthreatcenter.com/?p=1907.Google Scholar
G. Lawton. Is it finally time to worry about mobile malware? Computer, May 2008. Google ScholarDigital Library
M. Fossi (Editor). Symantec Report on the Underground Economy. Symantec Corporation, 2008.Google Scholar
J. Markoff. Surveillance of Skype Messages Found in China. New York Times, 2008.Google Scholar
B. Miller, P. Pearce, C. Grier, C. Kreibich, and V. Paxson. What's Clicking What? Techniques and Innovations of Today's Clickbots. In DIMVA, 2011. Google ScholarDigital Library
Mobclix. Monthly value of an app user. http://blog.mobclix.com/index/PDF/january_infographic.pdf.Google Scholar
C. Mulliner. Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones. In Proceedings of the 1st International Workshop on Sensor Security (IWSS) at ARES, Fukuoka, Japan, 2009.Google Scholar
Y. Niu, F. Hsu, and H. Chen. iPhish: Phishing Vulnerabilities on Consumer Electronics. In UPSEC, 2009. Google ScholarDigital Library
P. Porras and H. Saidi and V. Yegneswaran. An Analysis of the Ikee.B (Duh) iPhone Botnet. SRI International, 2009. http://mtc.sri.com/iPhone.Google Scholar
Panda Security. Eeki.A. http://www.pandasecurity.com/homeusers/security-info/215107/Eeki.A, 2009.Google Scholar
C. Peikari. PDA attacks, part 2: airborne viruses-evolution of the latest threats. (IN) SECURE Magazine, 2005.Google Scholar
P. Roberts. Android NFC bug could be the first of many. http://threatpost.com/en_us/blogs/android-nfc-bug-could-be-first-many-062011, 2011.Google Scholar
S. Rosenblatt. Avast to go mobile, get VPN. The Download Blog, 2011. http://download.cnet.com/8301-2007_4-20074377-12/avast-to-go-mobile-get-vpn.Google Scholar
A. Schmidt, H. Schmidt, L. Batyuk, J. H. Clausen, S. A. Camtepe, and S. Albayrak. Smartphone Malware Evolution Regisited: Android Next Target? In MALWARE, 2009.Google Scholar
A. Shevchenko. An overview of mobile device security. http://www.viruslist.com/en/analysis.Google Scholar
T. Strazzere. Security Alert: HongTouTou, New Android Trojan, Found in China. The Lookout Blog, 2011.Google Scholar
T. Strazzere. Security Alert: Malware Found Targeting Custom ROMs (jSMSHider). The Lookout Blog, 2011.Google Scholar
T. Strazzere. Security Alert: zHash, A Binary that can Root Android Phones, Found in Chinese App Markets and Android Market. The Lookout Blog, 2011.Google Scholar
Symantec. Android.geinimi. http://www.symantec.com/security_response/writeup.jsp?docid=2011-010111-5403-99.Google Scholar
Symantec. Android threat set to trigger on the end of days, or the day's end. http://www.symantec.com/connect/blogs/android-threat-set-trigger-end-days-or-day-s-end, 2011.Google Scholar
Symantec. Symbos.spitmo. http://www.symantec.com/security_response/writeup.jsp?docid=2011-040610-5334-99, 2011.Google Scholar
B. Thompson. UAE Blackberry update was spyware. http://news.bbc.co.uk/2/hi/technology/8161190.stm.Google Scholar
S. Toyssy and M. Helenius. About malicious software in smartphones. Journal in Computer Virology, 2006.Google Scholar
P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta. On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. In CCS, 2009. Google ScholarDigital Library
Trend Micro. BBOS_ZITMO.B. http://about-threats.trendmicro.com/Malware.aspx?language=us&name=BBOS_ZITMO.B, 2011.Google Scholar
T. Vidas, D. Votipka, and N. Christin. All your droid are belong to us: A survey of current android attacks. In WOOT, 2011. Google ScholarDigital Library
J. Wortham. Unofficial Software Incurs Apple's Wrath. The New York Times, 2009.Google Scholar

Index Terms

A survey of mobile malware in the wild
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Testing malware detectors

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing ...
Read More
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
Read More
The Next Malware Battleground: Recovery After Unknown Infection

Malware has become a natural aspect of Internet computing due to the imperfectness of systems that identify malware and prevent their installation. Our ability to control the volume of unwanted and malicious traffic on the Internet—the spam messages, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
October 2011
96 pages
ISBN:9781450310000
DOI:10.1145/2046614
General Chair:
Xuxian Jiang
North Carolina State University
,
Program Chairs:
Amiya Bhattacharya
Arizona State University
,
Partha Dasgupta
Arizona State University
,
William Enck
North Carolina State University
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 17 October 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
malware
mobile devices
smartphones
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate46of139submissions,33%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 495
  Total Citations
  View Citations
- 7,259
  Total Downloads
- Downloads (Last 12 months)134
- Downloads (Last 6 weeks)17
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A survey of mobile malware in the wild

SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

ABSTRACT

References

Cited By

Index Terms

Recommendations

Testing malware detectors

Detecting, validating and characterizing computer infections in the wild

The Next Malware Battleground: Recovery After Unknown Infection