nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps

verfasst von : Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez

Erschienen in: Information Security and Cryptology

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We discuss a class of smartphone malware that uses steganographic techniques to hide malicious executable components within their assets, such as documents, databases, or multimedia files. In contrast with existing obfuscation techniques, many existing information hiding algorithms are demonstrably secure, which would make such stegomalware virtually undetectable by static analysis techniques. We introduce various types of stegomalware attending to the location of the hidden payload and the components required to extract it. We demonstrate its feasibility with a prototype implementation of a stegomalware app that has remained undetected in Google Play so far. We also address the question of whether steganographic capabilities are already being used for malicious purposes. To do this, we introduce a detection system for stegomalware and use it to analyze around 55 K apps retrieved from both malware sources and alternative app markets. Our preliminary results are not conclusive, but reveal that many apps do incorporate steganographic code and that there is a substantial amount of hidden content embedded in app assets.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Stand-by Attacks on E-ID Password Authentication

Nächstes Kapitel A Lightweight Security Isolation Approach for Virtual Machines Deployment

This definition can be naturally extended to public-key stegosystems [3].

https://code.google.com/p/f5-steganography.

https://play.google.com/store/apps/details?id=es.uc3m.cosec.likeimage.

http://www.aptoide.com/.

http://www.virusshare.com/.

http://commons.apache.org/proper/commons-imaging/.

Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of Network and Distributed System Security Symposium (NDSS), February 2014

Bastien, F.: Sss - simple steganalysis suite (Visited 2014). https://code.google.com/p/simple-steganalysis-suite/

Cachin, C.: Digital steganography. In: van Tilborg, H.C.A. (ed.) Encyclopedia of Cryptography and Security, pp. 159–164. Springer, US (2005)CrossRef

Cheddad, A., Condell, J., Curran, K., Mc Kevitt, P.: Digital image steganography: survey and analysis of current methods. Signal Process. 90(3), 727–752 (2010)CrossRefMATH

Desnos, A., et al.: Androguard: Reverse engineering, malware and goodware analysis of android applications (Visited December 2013), https://code.google.com/p/androguard

Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comp. Surv. 44(2), 1–42 (2012)CrossRef

Farid, H., Siwei, L.: Detecting hidden messages using higher-order statistics and support vector machines. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 340–354. Springer, Heidelberg (2002)

Forczmanski, P., Wegrzyn, M.: Open virtual steganographic laboratory. In: International Conference on Advanced Computer Systems (ACS-AISBIS) (2009). http://vsl.sourceforge.net/

Fridrich, J.: Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 67–81. Springer, Heidelberg (2004) CrossRef

10.

Fridrich, J., Goljan, M., Hogea, D.: New methodology for breaking steganographic techniques for JPEGs. In: International Society for Optics and Photonics Electronic Imaging 2003, pp. 143–155 (2003)

11.

Gao, J., Bai, X., Tsai, W.T., Uehara, T.: Mobile application testing: a tutorial. Computer 47(2), 46–55 (2014)CrossRef

12.

Huang, H., Zhu, S., Liu, P., Wu, D.: A framework for evaluating mobile app repackaging detection algorithms. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) TRUST 2013. LNCS, vol. 7904, pp. 169–186. Springer, Heidelberg (2013) CrossRef

13.

Johnson, N.F., Jajodia, S.: Exploring steganography: seeing the unseen. Computer 31(2), 26–34 (1998)CrossRef

14.

Khalind, O.S., Hernandez-Castro, J.C., Aziz, B.: A study on the false positive rate of Stegdetect. Digit. Invest. 9(3), 235–245 (2013)CrossRef

15.

Oberheide, J., Miller, C.: Dissecting the android bouncer. In: SummerCon (2012)

16.

O’Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41–47 (2011)CrossRef

17.

Petitcolas, F.A., Anderson, R.J., Kuhn, M.G.: Information hiding-a survey. Proc. IEEE 87(7), 1062–1078 (1999)CrossRef

18.

Pfitzmann, B.: Information hiding terminology. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 347–350. Springer, Heidelberg (1996) CrossRef

19.

Provos, N., Honeyman, P.: Hide and seek: an introduction to steganography. IEEE Secur. Priv. 1(3), 32–44 (2003)CrossRef

20.

Provos, N., Honeyman, P.: Detecting steganographic content on the internet. Technical report, Center for Information Technology Integration University of Michigan (2001)

21.

Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy CODASPY ’13, pp. 209–220. ACM, New York (2013)

22.

Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security ASIA CCS ’13, pp. 329–334. ACM, New York (2013)

23.

Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B., Elovici, Y.: Mobile malware detection through analysis of deviations in application network behavior. Comput. Secur. 43, 1–18 (2014)CrossRef

24.

Suarez-Tangil, G., Tapiador, J.E., Lombardi, F., Pietro, R.D.: Thwarting Obfuscated malware via differential fault analysis. IEEE Comput. 47(6), 24–31 (2014)CrossRef

25.

Suarez-Tangil, G., Tapiador, J.E., Peris, P., Ribagorda, A.: Evolution, detection and analysis of malware for smart devices. IEEE Commun. Surv. Tutorials 16(2), 961–987 (2014)CrossRef

26.

Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Blasco, J.: Dendroid: a text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. 41(1), 1104–1117 (2014)CrossRef

27.

Upham, D.: Jsteg (1997). http://www.tiac.net/users/korejwa/jsteg.htm

28.

Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: a content anomaly detector resistant to mimicry attack. In: Advances in Intrusion Detection. pp. 226–248 (2006)

29.

Westfeld, A.: F5-A steganographic algorithm. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, p. 289. Springer, Heidelberg (2001) CrossRef

30.

Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy. pp. 95–109 (2012)

Titel: Stegomalware: Playing Hide and Seek with Malicious Components in Smartphone Apps
verfasst von: Guillermo Suarez-Tangil
Juan E. Tapiador
Pedro Peris-Lopez
Verlag: Springer International Publishing
Buch: Information Security and Cryptology
Print ISBN: 978-3-319-16744-2

Electronic ISBN: 978-3-319-16745-9

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-16745-9_27

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"