On the detection of existing malicious mobile software

This article was first published in Computer Magazine and is now presented to you by Infoq & IEEE Computer Society.

Thanks to its super portability and ease of use, smartphones have increased our daily lives in many ways, providing instant access to rich information on the Internet, as well as the following features: credit card payments, video conferencing and language recognition. According to Gartner, more than 428 million mobile devices were sold around the world in the second quarter of 2011, accounting for 25% of the total number of mobile devices sold so far. IMS is predicting that by the end of 2016 smartphone sales will exceed 1 billion units a year.

Users ' reliance on mobile phones is increasing, and the large amount of personal information stored by these devices makes them the main targets of malware attacks. Since 2004, when Kaspersky Labs discovered the first Internet worm Cabir the mobile phone, the number of malware has grown with the popularity of smartphones.

The survey provides a better explanation for the motives behind the "existing" (malicious application 1) malware in the mobile application market. In turn, this information can help mobile security researchers develop newer technologies to prevent smartphones from being compromised by security.

What is malicious mobile software?

Malware refers to software that behaves maliciously, and can be classified roughly as viruses, botnets, worms, and Trojan horses. Initially, malware was simply used to emphasize security vulnerabilities in software systems. But the motives behind it have begun to change, and now its authors are mainly using it to gain massive economic benefits. Many new techniques for detecting malware have been presented in the literature, and most have been identified by Manuel Egele and his colleagues in a comprehensive survey conducted in 2011.2. Still, research into malicious mobile software is still at an early stage, and malware developers have just shifted their attention to smartphones.

In addition to malware, mobile devices face two other major threats: Spyware and grey software 1. Spyware collects similar user locations, text messages, and phone records when the victim is unknown. Spyware is not an illegal category because it does not send information to an application author. But it is immoral to install personal spyware on mobile phones without the consent of the device owner.

Grey software is annoying, but it is far less serious than malware. For example, grey software does not affect the computer running or collecting sensitive data, but it may change the user's font color or install annoying pop-up boxes. Grey software is very common in smartphones and is just on the verge of law: the authors describe their intentions and the behavior they apply to privacy policy, but users tend to click "Agree" directly on the phone, ignoring what is actually stated on the statement.

Many researchers have categorized malicious mobile software in terms of their authors ' intentions and the similarity of their applications in behavior by 1. Table 1, which is obtained from the link, summarizes one of the most important examples.

Table 1. Overview of behavior classification of existing malicious mobile software
Malicious behavior	Describe
Provide novelty and entertainment	It is mainly used for playing or showing off the technical ability of the author; it is not serious; it does not produce purposeful destruction. Example: Android.walkinwat;
Sell User Information	Secretly collect user details such as location, installation software, download history and Address Book, and then sell the details to advertisers or marketers. Example: Droiddreamlight;
Steal User Credit	Capture user credit, such as: Obtain bank account information by secret listening text information, get key information through keyboard record, file scan and launch phishing attack. Example: ikee.b;
Manipulating the content of submissions	Generate high cost phone or text information that may be used to submit content such as technical support, stock quotes or adult services. Example: Fakeplayer;
Send spam messages	Send a number of spam messages that usually contain ads and phishing links to mobile phones. Example: Geinimi;
Manipulating Search engine Optimization	Improve the rankings of the site in search engine results. For example: the Toutou;

Malicious software detection Technology

Technologies that can be used to detect malicious mobile software and other security vulnerabilities have their different strengths and weaknesses.