Cross-platform mobile malware: write once run everywhere

Presented at VB2015, Oct. 2, 2015, 2 p.m. (30 minutes)

Every day, thousands of new mobile apps are published on mobile app stores including the *Google Play* store and *iOS* app store. While many of them are native apps, others are cross-platform mobile or HTML-based hybrid apps developed with cross-platform mobile development tools. Native apps, whether for *Android* or *iOS*, are usually written using the *Android* SDK or Xcode tools. However, malware authors have plenty of choices when it comes to writing or repacking mobile malware that targets multiple platforms. At *SophosLabs*, we have seen an increase in malicious apps written with cross-platform development tools such as *PhoneGap*. These pieces of malware hide malicious code in HTML files or tool-specific containers instead of the platform's native binaries. Given these platform-independent characteristics, it is possible to foresee that more mobile malware and PUA families will be released across different mobile platforms including *Android*, *iOS* and *Windows Mobile*. Many game apps have been developed with cross-platform tools like *Unity*, *Corona* and *Cocos2d*. Each tool generates its own executable format that can be used to package hidden malicious payloads. As a result, security researchers will face a great challenge in analysing and detecting these pieces of mobile malware. This paper will research the feasibility of new cross-platform mobile malware and test whether existing virus scanners can detect them. We will also analyse their package structures, discuss technical issues and finally suggest a solution to the problems.

Presenters:

  • Xinran Wu - Sophos
    Xinran Wu graduated from the University of New South Wales in Australia. He has been working as a Threat Researcher at SophosLabs for over six years where he has been reversing and analysing malware for various platforms. His current research areas include Mac threats, and also Android threats. Xinran enjoys reading and playing tennis in his free time.
  • William Lee - Sophos
    William Lee is a senior threat researcher at SophosLabs and holds a Master's degree in IT from the University of Sydney. Prior to joining Sophos, he developed mobile platforms and applications at Samsung for Samsung's Galaxy and Bada devices and he also implemented static and dynamic analysis systems for Android at Symantec. He currently spends his time carrying out in-depth analysis of Android malware and research on malware clustering. In his free time, William enjoys playing tennis and kayaking in Sydney.
