Stego-malware in Google Play. Findings and limitations

Presented at VB2015, Oct. 2, 2015, 2:30 p.m. (30 minutes)

The significance of side-channels in cybersecurity has driven the evolution of some of the most recognized threats in recent years. These side-channels are usually employed to send or receive data, and they can be defined in several ways. However, sometimes they require some subterfuge to hide the real purpose of the information. In this contribution we explore the potential of a known technique, steganography, to exploit different mobile application stores as side-channels. Two alternatives have been explored: the propagation of stego-malware in these app stores and the possibility of developing an APT using these hidden channels. Focusing on the use of images to hide payloads, our tests show that stego-malware is a real problem. We have analysed more than 2 million apps and over 7 million potential stego-images, and we can demonstrate that, with current steganalysis technology, it is feasible to use these app stores as side-channels.


Presenters:

  • Antonio Guzmán - 11paths - Telefonica
    Antonio Guzmán received his Ph.D. in computer engineering from Rey Juan Carlos University. From 2000 to 2013 he was an assistant teacher and researcher at the Rey Juan Carlos University, Spain, working in the computer architecture department. In 2005, he co-founded the research group Gaap (http://www.gaapsoluciones.es/), where he led the research efforts on security and privacy. Guzmán is the author of many articles in high-impact journals, symposiums and conferences (e.g. IEEE, ACM, etc.) and important security conferences (e.g. Defcon, Blackhat, etc.). Since May 2013, Antonio Guzmán has set teaching aside and has focused on privately funded research on security. He is now head of the research area at Eleven Paths, a Telefonica company, where he has filed more than 8 patents (http://www.elevenpaths.com).
  • Alfonso Muñoz - 11paths - Telefonica
    Alfonso Muñoz (CISA, CEH, CHFI) has been working for over 10 years in security, in a variety of capacities (including intelligence, cryptanalysis and network and system security) in European companies and public organizations. He is an expert in surveillance technologies and data protection (cryptography, steganography, etc.). He has published more than 50 academic papers about security and privacy (IEEE, ACM, ...). Alfonso is a regular conference speaker on the subject of security (STIC CCN-CERT, Virus Bulletin, DEEPSEC, HackInTheBox, RootedCon, NoConName, GsickMinds).
