DOI: 10.1145/2046614.2046618

A survey of mobile malware in the wild

Published: 17 October 2011

Abstract

Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We also use this data set to evaluate the effectiveness of techniques for preventing and identifying mobile malware. After observing that 4 pieces of malware use root exploits to mount sophisticated attacks on Android phones, we also examine the incentives that cause non-malicious smartphone tinkerers to publish root exploits and survey the availability of root exploits.

    Published In

    SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
    October 2011
    96 pages
    ISBN: 9781450310000
    DOI: 10.1145/2046614
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. malware
    2. mobile devices
    3. smartphones

    Qualifiers

    • Research-article

    Conference

    CCS'11
    Acceptance Rates

    Overall Acceptance Rate 46 of 139 submissions, 33%
