Forensic analysis of hook Android malware

Cited by: 0
Authors
Schmutz, Dominic [1]
Rapp, Robin [1]
Fehrensen, Benjamin [1]
Affiliation
[1] Bern Univ Appl Sci, Biel, Bern, Switzerland
Source
FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION | 2024 / Vol. 49
Keywords
Android malware; Hook; MaaS; RAT; Accessibility permission
DOI
10.1016/j.fsidi.2024.301769
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
This publication presents a thorough forensic investigation of the banking malware known as Hook, shedding light on its intricate functionalities and providing valuable insights into the broader realm of banking malware. Given the persistent evolution of Android malware, particularly in the context of banking threats, this research explores the ongoing development of these malicious entities. In particular, it emphasizes the prevalent "malware as a service" (MaaS) model, which engenders a competitive environment where malware developers continually strive to enhance their capabilities. Consequently, this investigation serves as a vital benchmark for evaluating the current state of banking MaaS capabilities in July 2023, enabling researchers and practitioners to gauge the advancements and trends within the field.
Pages: 17