| Abstract | First we report on a new threat campaign, underway in Korea, which infected
around 20,000 Android users within two months. The campaign attacked mobile users with
malicious applications spread via different channels, such as email
attachments or SMS spam. A detailed investigation of the Android malware
resulted in the identification of a new Android malware family Android/BadAccents. The
family represents current state-of-the-art in mobile malware development for
banking trojans.
Second, we describe in detail the techniques this malware
family uses and confront them with current state-of-the-art static and dynamic
code-analysis techniques for Android applications. We
highlight various challenges for automatic malware analysis frameworks that
significantly hinder the fully automatic detection of malicious components in
current Android malware. Furthermore, the malware exploits a previously unknown
tapjacking vulnerability in the Android operating system, which we
describe. As a result of this work, the vulnerability, affecting all
Android versions, will be patched in one of the next releases of the Android
Open Source Project. |
|---|
