JIS Vol. 4 No. 4, October 2013
Analysis of Malware Families on Android Mobiles: Detection Characteristics Recognizable by Ordinary Phone Users and How to Fix It
Author(s) Hieu Le Thanh
ABSTRACT

Sales of phones running the Android Operating System (OS) are increasing: the price is lower while the hardware configuration is higher, so users buy them easily, and this wide adoption increases the risk of the spread of mobile malware. Most users' understanding of mobile malware is still limited. Meanwhile, malware is growing quickly in number and sophistication, and its many variations in particular have created confusion for users; attention to the safety of users is therefore required. In this paper, the author discusses the identification and analysis of malware families on Android mobiles. The author selects the characteristics recognizable by ordinary users from a collection of 58 malware families and 1485 malware samples, and proposes solutions as recommendations to users before installation, with the ultimate aim of mitigating damage in the Android phone community, especially among ordinary users with limited understanding of potential hazards. This would help ordinary users identify mobile malware in order to mitigate information security risk.


Cite this paper
H. Thanh, "Analysis of Malware Families on Android Mobiles: Detection Characteristics Recognizable by Ordinary Phone Users and How to Fix It," Journal of Information Security, Vol. 4 No. 4, 2013, pp. 213-224. doi: 10.4236/jis.2013.44024.