Mobile Konami Codes: Analysis of Android Malware Services Utilizing Sensor and Resource-Based State Changes
Abstract
Society s pervasive use of mobile technologies has provided an incentive for the amount and kinds of mobile malware to steadily increase since 2004. Challenges in static analysis of mobile malware have stimulated the need for emulated, dynamic analysis techniques. Unfortunately, emulating mobile devices is nontrivial because of the different types of hardware features onboard (e.g., sensors) and the manner in which users interact with their devices as compared to traditional computing platforms. To test this, our research focuses on the enumeration and comparison of static attributes and event values from sensors and dynamic resources on Android runtime environments, both from physical devices and online analysis services. Utilizing our results from enumeration, we develop two different Android applications that are successful in detecting and evading the emulated environments utilized by those mobile analysis services during execution. When ran on physical devices, the same applications successfully perform a pseudo-malware action and send device identifying information to our server for logging.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2015
- Accession Number
- ADA620600
Entities
People
- Jacob L. Boomgaarden
- Joshua D. Corney
Organizations
- Naval Postgraduate School