Exposing mobile malware from the inside (or what is your mobile app really doing?)

• Published in: Peer-to-peer networking and applications Vol. 7; no. 4; pp. 687 - 697
• Main Authors: Damopoulos, Dimitrios, Kambourakis, Georgios, Gritzalis, Stefanos, Park, Sang Oh
• Format: Journal Article
• Language: English
• Published: Boston Springer US 01.12.2014; Springer Nature B.V
• Subjects: Cellular communication; Communications Engineering; Computer Communication Networks; Computer programs; Computer viruses; Convergence; Engineering; Information Systems and Communication Service; Malware; Mobile communications networks; Multiplexing; Networks; Peer to peer computing; Platforms; Signal,Image and Speech Processing; Smartphones; Software; Malware; iOS; Smartphone; Dynamic analysis; Behavior-based detection
• ISSN: 1936-6442; 1936-6450
• DOI: 10.1007/s12083-012-0179-x

It is without a doubt that malware especially designed for modern mobile platforms is rapidly becoming a serious threat. The problem is further multiplexed by the growing convergence of wired, wireless and cellular networks, since virus writers can now develop sophisticated malicious software that is able to migrate across network domains. This is done in an effort to exploit vulnerabilities and services specific to each network. So far, research in dealing with this risk has concentrated on the Android platform and mainly considered static solutions rather than dynamic ones. Compelled by this fact, in this paper, we contribute a fully-fledged tool able to dynamically analyze any iOS software in terms of method invocation (i.e., which API methods the application invokes and under what order), and produce exploitable results that can be used to manually or automatically trace software’s behavior to decide if it contains malicious code or not. By employing real life malware we assessed our tool both manually, as well as, via heuristic techniques and the results we obtained seem highly accurate in detecting malicious code.