A survey of mobile malware in the wild

Felt, Adrienne Porter; Finifter, Matthew; Chin, Erika; Hanna, Steve; Wagner, David

doi:10.1145/2046614.2046618

Cited by 617 publications

(353 citation statements)

References 9 publications

Supporting

Mentioning

327

Contrasting

Unclassified

Order By: Relevance

“…Phishing is a difficult unresolved problem [8]. Since phishing attacks can be made more convincing on smartphones than on a desktop browser, users can expect to see more phishing attacks on mobile malware in the future [8].…”

Section: Smartphone Vulnerabilitymentioning

confidence: 99%

“…Since phishing attacks can be made more convincing on smartphones than on a desktop browser, users can expect to see more phishing attacks on mobile malware in the future [8]. Attackers create different kinds of malware to exploit devices for financial gain, utilization of resources, information and data theft, search engine optimization, spam messages, access private networks, or even damaging devices for amusement.…”

Section: Smartphone Vulnerabilitymentioning

confidence: 99%

See 1 more Smart Citation

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Smartphone Vulnerabilitymentioning

confidence: 99%

Section: Smartphone Vulnerabilitymentioning

confidence: 99%

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Egele et al [34] studied privacy threats affecting iOS users whereas TaintDroid [35] used a system wide taint tracking to identify privacy leaks in Android applications. Some studies have surveyed the types of mobile malware seen in the wild, and evaluated different techniques that can be leveraged in detecting and preventing such threats [36,37,38].…”

Section: Related Workmentioning

confidence: 99%

Uncovering the footprints of malicious traffic in wireless/mobile networks

Raghuramu

Pathak

Zang

et al. 2016

Computer Communications

View full text Add to dashboard Cite

This paper presents a measurement study that analyzes large-scale traffic data gathered from two different wireless scenarios: cellular and WiFi networks.We first analyze packet traces and security event logs generated by over 2 million devices in a major US-based cellular network, and show that 0.17% of mobile devices are affected by security threats. We then analyze the aggregate network footprint of malicious and benign traffic in the cellular network, and demonstrate that statistical network features (e.g., uplink data transfer volume, IP entropy) can be effectively used to distinguish such malicious and benign traffic. We next investigate over 2.4 TB of WiFi traffic data, which are generated by 27 K distinct users, in a university campus network. Based on the lessons learned from a comprehensive exploration of a large feature space consisting of over 500 statistical attributes derived from network traffic to/from malicious and benign domains, we propose a novel, in-house traffic screening method, which has the capability of effectively identifying potential malicious domains. Our method achieves over 90% accuracy with only using a small set of simple statistical network features, without using any additional specialized datasets (e.g., geolocation database) or resource-intensive solutions (e.g., DPI boxes to collect HTTP traffic.).

show abstract

“…This Trojan buys items from online stores and intercepts the SMS messages containing a verification code that is needed to complete the payment process. Additionally, further mobile malware, which steals authentication credentials, attacks mobile phone owners [22,27].…”

Section: Mobile Phone Trojansmentioning

confidence: 99%

“…Several studies conducted on mobile malware [22,27] show that authentication credential stealing mobile malware exists in the wild. In this work, we present countermeasures that specifically protect against mobile malware that is built to intercept and exfiltrate authentication credentials sent via SMS.…”

Section: Related Workmentioning

confidence: 99%

SMS-Based One-Time Passwords: Attacks and Defense

Mulliner

Borgaonkar

Stewin

et al. 2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Abstract. SMS-based One-Time Passwords (SMS OTP)were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization for many different applications. Recently, SMS OTPs have come under heavy attack, especially by smartphone Trojans. In this paper, we analyze the security architecture of SMS OTP systems and study attacks that pose a threat to Internet-based authentication and authorization services. We determined that the two foundations SMS OTP is built on, cellular networks and mobile handsets, were completely different at the time when SMS OTP was designed and introduced. Throughout this work, we show why SMS OTP systems cannot be considered secure anymore. Based on our findings, we propose mechanisms to secure SMS OTPs against common attacks and specifically against smartphone Trojans.

show abstract

A survey of mobile malware in the wild

Cited by 617 publications

References 9 publications

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Uncovering the footprints of malicious traffic in wireless/mobile networks

SMS-Based One-Time Passwords: Attacks and Defense

Contact Info

Product

Resources

About