A Journey into Mobile Malwares

Daiane Santos
September 23, 2024

Hacking na Web Day 2024 - São Paulo

Transcript

  1. Mobile Security Specialist; 10y xp in IT area; Appsec & Mobsec; OWASP Mobile Security member; Focused on Android devices; Drums, chess, dogs, books, movies...
  2. Malware is a term used for any type of malicious software designed to harm or exploit any programmable device, service or network.
  3. It runs a safety check on apps from the Google Play Store before you download them. It warns you about potentially harmful apps. It may deactivate or remove harmful apps from your device. It warns you about detected apps that violate Software Policy by hiding or misrepresenting important information. It sends privacy alerts about apps that can get user permissions to access your personal information, violating our Developer Policy.
  4. Limiting and checking app permissions; Google Play Protect; RASP (Runtime Application Self-Protection); code obfuscation; in-house solutions. Set some action if malware is detected, e.g. close the app automatically.
  5. Runtime permissions give additional access to restricted data or let your app perform restricted actions that affect the system and other apps. So, you need to request runtime permissions before accessing the restricted data or performing restricted actions.
  6. The Accessibility system was developed for users with disabilities. Using it, you can create an app that reads captions on all interface elements and enables you to activate these elements with your voice. This became possible because Accessibility grants you full access to the app interface in the form of a tree of elements: you can navigate through it and perform certain operations with its elements.
  7. By exploiting accessibility services, the Trojan can access the UI of any other app installed on the phone and steal data from it, including text. Most banking apps don't allow the user to take screenshots while they're being used, but some malware, like Svpeng, gets around this by using accessibility services to create overlays and perform actions in the background.
  8. Adding this simple keylogger, all information entered by the user in any input field of any app will be displayed in the console.
  9. In 2019, a vulnerability targeting the Android system emerged. It used the SYSTEM_ALERT_WINDOW permission, which is meant for pop-ups, to overlay the screen with a window on top of other apps.
  10. The focus of malware is precisely to trick the user into thinking that the program is useful or beneficial to them in some way. In reality, the program performs actions that harm the user, or uses the application to harm other applications or services. In this case, it uses accessibility permissions to overlay the main screen and change the data underneath that screen.
  11. Disable Google Play Protect; enable downloads from unofficial external sources; use the main app to download the device manager; disable the uninstall button; Dangerous and SignatureOrSystem permissions.
  12. Slow performance; Random reboots; Unusual data usage; Battery draining faster than usual; Unfamiliar apps installed; Overheating; Taking a long time to shut down; Signs of activity in standby mode; Weird sounds during phone calls; Weird text messages.
  13. Thomas, Tony; Surendran, Roopak; John, Teenu S.; Alazab, Mamoun. Intelligent Mobile Malware Detection (Security, Privacy, and Trust in Mobile Communications). CRC Press. Kindle Edition.