CompSci eggheads to map Android malware genome

Aim for taxonomy of droid ills


Mobile security researchers are teaming up to share samples and data on malware targeting the Android platform.

The Android Malware Genome Project, spearheaded by Xuxian Jiang, a computer science researcher at North Carolina State University, aims to boost collaboration in defending against the growing menace of mobile malware. Its focus is malware targeting smartphones from the likes of HTC and Samsung, which are based on Google's mobile operating system platform.

The NC State team led by Xuxian was the first to identify dozens of Android malware programs, including DroidKungFu and GingerMaster.

The project is designed to facilitate the sharing of Android malware code between security researchers, along the same lines as the long-standing malware sample sharing projects already set up by Windows anti-virus software developers. The project has already collected more than 1,200 pieces of Android malware.

Xuxian explains that rapid access by security researchers to Android malware is needed because "our defence capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples".

The project not only wants to enable the sharing of mobile malware samples but also to facilitate work to create a taxonomy of Android malware, with the aim of helping to create improved security defences, which the NC State team argue are currently falling well short of delivering effective protection.

In this project, we focus on the Android platform and aim to systematise or characterise existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads.

The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments in November, 2011, show that the best case detects 79.6 per cent of them while the worst case detects only 20.2 per cent in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Xuxian explained that the project was particularly targeted at academic researchers and was designed to supplement vendor-led efforts at mobile malware exchange and analysis.

"I am aware of some malware-exchanging programmes between these vendors, either for Windows-based malware or Android-based malware," he told El Reg. "However, it seems hard for independent researchers or academic researchers to be involved.

"Great innovations can also come from research labs in academia. This is one main reason why we are promoting and sharing Android malware samples for research purposes. Also, notice that Android malware is still at the early stage and rapidly evolving. With this timing, the sharing becomes extremely important."

The project was announced at the IEEE Symposium on Security and Privacy in San Francisco on Tuesday. ®
