{"id":792,"date":"2016-12-08T21:06:24","date_gmt":"2016-12-08T19:06:24","guid":{"rendered":"https:\/\/community.virtono.com\/?p=792"},"modified":"2016-12-08T21:06:24","modified_gmt":"2016-12-08T19:06:24","slug":"stopping-malware-propagation","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/knowledgebase\/stopping-malware-propagation\/","title":{"rendered":"Stopping malware propagation"},"content":{"rendered":"<p>The use of mobile devices in our everyday lives has become widespread. In recent years, the number of smartphones sold globally has surpassed the number of desktop computers sold. Malware authors have followed this shift and developed sophisticated malware aimed at both mobile and desktop platforms. Particular interest is being shown in Microsoft\u2019s Windows operating system on the desktop and the Android operating system on mobile devices. Malware is a general term for any software that is installed on a machine and performs unwanted tasks. Malware became known to many computer users through the widespread infections at the turn of the third millennium, which used email attachments as their primary infection\u00a0vector. The year 2004 saw the release of the first malicious software aimed at smartphones, Cabir. It spread between mobile devices that had Bluetooth enabled in discoverable mode and drained what was then the scarcest resource of a mobile device, battery life. Infection vectors for malware changed over the years as the targets moved from the traditional desktop platform to mobile devices. Viruses initially spread through infected floppy discs. When Internet connectivity became ubiquitous, malware spread using techniques such as mass email lists or web vulnerabilities. 
Infection vectors on mobile devices followed a similar path, moving from simple SMS or MMS messages to Bluetooth, email and web vulnerabilities.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Malware concealment strategies<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Malware concealment strategies serve one purpose: the survival of malicious code. The longer malware can protect itself from detection, the more time it has\u00a0for replication and infection. In this section, we will discuss the malware lifecycle as well as various malware concealment strategies.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>The malware lifecycle<\/strong><\/p>\n<p>The malware lifecycle is made up of four phases, as shown in figure 1 (right). Concealment strategies aim to increase the span of time between the infection\u00a0and detection phases. In addition, these strategies aim to make analysis of the\u00a0malware difficult for anti-malware developers. Through concealment strategies, malware authors aim to spread and prosper, hiding their code from plain sight.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Malware detection strategies<\/strong><\/p>\n<p>Malware authors are becoming more aware of the security methods devised, and used, in commercial as well as domestic realms. They have become more skilled at hiding their malicious programmes and operating quietly. These attacks have become so advanced that sometimes they can go undetected for weeks, or even months, as in the case of Stuxnet. Some malware detection strategies currently in use are:<\/p>\n<p><strong>Static analysis<\/strong> is the process of extracting information from a file without executing it. 
This information is used to build a profile\u00a0of the file using techniques such as calculating file hashes, scanning it with different anti-virus and anti-malware engines and extracting file\u00a0metadata (type, size, embedded strings, imported functions).<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Static taint analysis<\/strong> is used to detect how information flows through a set of instructions when it is influenced by the user\u2019s input. The basic idea is to identify and label variables that have been \u2018tainted\u2019 with input controlled by the user. Any operation that uses a value from a tainted object to derive a value for another object taints that object too. Checking where tainted variables end up, for instance in a database query or in generated HTML, can indicate possible attacks such as cross\u2010site scripting, SQL injection and malicious script injection.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Dynamic analysis<\/strong>, or behavioural analysis, is the process of analysing the actions of a programme in the course of execution. The main idea is to execute a code sample within a controlled environment (such as a virtual machine), monitoring its behaviour and obtaining further information about its nature and purpose. Through this analysis, the researcher is able to assess the threat better and create proper countermeasures.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Dynamic taint analysis<\/strong> is the run-time counterpart of the static technique described above. It was originally published by Newsome and Song of Carnegie Mellon University in 2005, in the form of the TaintCheck tool. Data originating from or derived from untrusted sources, such as the network, is labelled as tainted. The technique tracks at run time how labelled data propagates into other data, so that any value computed from a tainted one carries the label, and can therefore catch both untrusted input reaching a sensitive location and sensitive data being leaked. The tracking, as originally proposed, was performed at the instruction level. Finally, the impacted data is identified before it leaves the system, usually at the network interface level. 
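<\/p>\n<p>&nbsp;<\/p>\n<p>The propagation rule shared by the two taint analysis paragraphs above (a value derived from a tainted operand is itself tainted) and the instruction-level, run-time tracking of dynamic taint analysis, as an added example that is not part of the original article and is not TaintCheck's code: a toy register machine in Python carries a set of taint labels with every value and checks two sinks, the network interface (where data labelled <code>secret<\/code> must not leave) and control flow (where a jump target labelled <code>net<\/code> means attacker-controlled data has steered execution). The instruction set, the <code>net<\/code> and <code>secret<\/code> labels, the <code>POLICY<\/code> table and the three sample programs are all constructed for illustration.<\/p>\n
```python
from dataclasses import dataclass, field

# Sink policy: taint labels that must never reach a given sink.
#   "send": the network interface; data labelled "secret" leaving here is a leak.
#   "jmp":  control flow; a target labelled "net" means untrusted input steers
#           execution (the case TaintCheck-style tools catch, e.g. an
#           overwritten return address). Labels and policy are illustrative.
POLICY = {"send": {"secret"}, "jmp": {"net"}}


@dataclass(frozen=True)
class Value:
    v: int
    taint: frozenset = frozenset()      # source labels; empty means untainted


@dataclass
class Machine:
    inputs: dict                        # label -> list of values the source yields
    regs: dict = field(default_factory=dict)
    mem: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def get(self, operand):
        """Resolve an operand: immediates are untainted constants, names are registers."""
        if isinstance(operand, int):
            return Value(operand)
        return self.regs.get(operand, Value(0))

    def check(self, sink, val, pc):
        """Sink check: record an alert if a forbidden label reaches this sink."""
        hit = val.taint & POLICY[sink]
        if hit:
            self.alerts.append((sink, pc, tuple(sorted(hit))))
        return not hit

    def run(self, program, max_steps=1000):
        """Execute instruction by instruction, propagating taint with every result."""
        pc, steps = 0, 0
        while pc < len(program) and steps < max_steps:
            steps += 1
            op, *args = program[pc]
            cur, pc = pc, pc + 1
            if op == "input":                 # taint source: value enters from outside
                dst, label = args
                self.regs[dst] = Value(self.inputs[label].pop(0), frozenset({label}))
            elif op == "mov":
                dst, src = args
                self.regs[dst] = self.get(src)
            elif op in ("add", "xor"):        # result carries the labels of both operands
                dst, a, b = args
                x, y = self.get(a), self.get(b)
                r = (x.v + y.v) if op == "add" else (x.v ^ y.v)
                self.regs[dst] = Value(r & 0xFFFFFFFF, x.taint | y.taint)
            elif op == "store":               # taint travels with the value into memory
                addr, src = args
                self.mem[self.get(addr).v] = self.get(src)
            elif op == "load":
                dst, addr = args
                self.regs[dst] = self.mem.get(self.get(addr).v, Value(0))
            elif op == "send":                # sink 1: data leaves via the network
                self.check("send", self.get(args[0]), cur)
            elif op == "jmp":                 # sink 2: data becomes a code address
                target = self.get(args[0])
                if not self.check("jmp", target, cur):
                    break                     # stop before the hijacked transfer
                pc = target.v
            else:
                raise ValueError(f"unknown op {op!r} at {cur}")
        return self.alerts


def analyse(program, inputs):
    """Run one program under taint tracking; returns the list of (sink, pc, labels)."""
    return Machine({k: list(v) for k, v in inputs.items()}).run(program)


# Constructed sample programs (toy code, not real malware); one tuple per instruction.
EXFIL = [                                     # read a key byte, obfuscate, stage, send
    ("input", "r1", "secret"),
    ("xor", "r2", "r1", 0x5A),                # XOR with a constant keeps the label
    ("store", 0x10, "r2"),
    ("load", "r3", 0x10),
    ("send", "r3"),
]
HIJACK = [                                    # network bytes overwrite a saved code pointer
    ("input", "r1", "net"),
    ("store", 0x20, "r1"),
    ("load", "r4", 0x20),
    ("jmp", "r4"),
]
ECHO = [                                      # untrusted data echoed back: allowed by POLICY
    ("input", "r1", "net"),
    ("add", "r2", "r1", 1),
    ("send", "r2"),
]

if __name__ == "__main__":
    for name, prog, inp in (("EXFIL", EXFIL, {"secret": [0x41]}),
                            ("HIJACK", HIJACK, {"net": [0x41414141]}),
                            ("ECHO", ECHO, {"net": [7]})):
        print(name, analyse(prog, inp))
```
\n<p>Two points the paragraph alone does not show: the XOR with a constant in <code>EXFIL<\/code> and the round trip through memory do not launder the label, because propagation follows the data rather than the syntax of the program; and the same mechanism is blind to implicit flows (a value reconstructed by branching on tainted data), which is a known limit of this style of tracking.<\/p>\n<p>&nbsp;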
<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Heuristic analysis<\/strong> combines a few known facts with experience to make an assumption about the classification at large, and is often regarded as a branch of artificial intelligence. The term \u2018heuristic\u2019 refers to the act of discovering the solution to a problem. These analysis and detection mechanisms employ data mining and machine learning techniques to review, trace and analyse the behaviour of the application code. Rather than matching specific virus signatures, heuristics look for pieces of programme code, or sequences of actions, that resemble what a virus does; the price is a higher rate of false positives than signature matching.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Hybrid malware analysis<\/strong> is a newer technique that combines the benefits of static code analysis with dynamic analysis in a virtual machine, so that code hidden from one method (for example, packed code that only exists in memory after unpacking) is caught by the other. Detection is the process of analysing a sample and deciding whether it is genuinely benign or malicious, and the robustness of a detection strategy depends largely on how well it copes with obfuscated malware. Simple strategies, such as trusting and installing only digitally signed applications, are one way of limiting malware infection. However, given the vast number of applications available on the Internet, especially through peer-to-peer sites, one cannot expect all applications to be digitally signed. A signature also only proves who signed the code and that it has not been altered since, not that it is benign: Stuxnet itself shipped drivers signed with certificates stolen from legitimate hardware vendors.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The use of mobile devices in our everyday lives has become widespread. In recent years, the number of smartphones sold globally has surpassed the number of desktop computers sold. 
Malware authors have followed this and developed sophisticated malware addressed both at the mobile device platforms as well as desktop platforms.<\/p>\n","protected":false},"author":3,"featured_media":793,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[],"class_list":["post-792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/12\/browser-redirects-hijacking-malware-virus-1024x787.jpg?fit=1024%2C787&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-cM","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":789,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/malware-attack-on-virtual-machines\/","url_meta":{"origin":792,"position":0},"title":"MALWARE ATTACK ON VIRTUAL MACHINES","author":"Daniel Draga","date":"December 6, 2016","format":false,"excerpt":"Server-oriented malware is actually more likely to infect a virtual system than a physical one in many organizations. Now what? This expert e-guide provides the real story of how malware is adapting to virtual environments, so you can ensure protection going forward. 
\u00a0 Enterprises are increasingly adopting virtualization technology, according\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/12\/mobile-malware_126852062-thumb-380xauto-2252.jpg?fit=380%2C304&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":984,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/malware-detection-on-your-server\/","url_meta":{"origin":792,"position":1},"title":"Malware Detection On Your Server","author":"Daniel Draga","date":"June 26, 2017","format":false,"excerpt":"The term malware encompasses a large range of unwelcome software that is designed to damage a computer. A partial list of malware might, for example, include viruses, spyware, Trojan horses, and worms. The rapid proliferation of such software is enough to concern users of all levels, from novices to seasoned\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/06\/What-is-Malware.jpg?fit=600%2C300&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/06\/What-is-Malware.jpg?fit=600%2C300&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/06\/What-is-Malware.jpg?fit=600%2C300&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":840,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/top-6-myths-about-computers-and-laptop-debunked\/","url_meta":{"origin":792,"position":2},"title":"Top 6 Myths About Computers and Laptop : Debunked","author":"Daniel Draga","date":"January 8, 
2017","format":false,"excerpt":"MYTH 1: Using a laptop on your lap will fry your *ahem* babies I won\u2019t bore you with an anatomy lesson, but the short of it is that your swimmers move slower and are less potent the hotter it is down there. If you noticed, the underside of laptops tend\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/39-google-incognito-window-meme.jpg?fit=450%2C476&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":784,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/targeted-attacks\/","url_meta":{"origin":792,"position":3},"title":"Targeted Attacks.","author":"Daniel Draga","date":"December 2, 2016","format":false,"excerpt":"More Data than Sense. As we look at the responses, most of these detection and correction efforts combine human expertise with tools and data. All efforts can be improved through access to and better interpretation of relevant data, policy-based workflows, and appropriate and facilitated automation. 
So what\u2019s holding these valiant\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1060,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/freemilk-new-phishing-campaign-to-hijack-email-conversations\/","url_meta":{"origin":792,"position":4},"title":"FreeMilk : New phishing campaign to hijack email conversations","author":"Shreyash Sharma","date":"October 8, 2017","format":false,"excerpt":"A new threat has been identified by\u00a0\u00a0Palo Alto Networks security researchers, it is a\u00a0phishing campaign used by hackers to intercept ongoing email conversations between individuals and hijack them to deploy malware.The focus on even now believes they are in contact with the particular person they had been at first messaging,\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/FreeMilk_1.png?fit=571%2C879&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/FreeMilk_1.png?fit=571%2C879&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/FreeMilk_1.png?fit=571%2C879&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1040,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/locky-ransomwares-authors-big-fans-of-game-of-thrones\/","url_meta":{"origin":792,"position":5},"title":"Locky Ransomware&#8217;s Authors : Big Fans of Game Of Thrones","author":"Daniel Draga","date":"September 26, 2017","format":false,"excerpt":"One of the most viewed T.V shows of our 
time\u00a0Game Of Thrones has found its viewers in all forms of diversities the most recent ones are criminal-type more particularly the Authors of\u00a0Locky Ransomware. Researchers at PhishMe have found the names of various\u00a0Game Of Thrones characters and other references in the\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/09\/WhatsApp-Image-2017-09-25-at-07.12.16.jpeg?fit=768%2C254&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/09\/WhatsApp-Image-2017-09-25-at-07.12.16.jpeg?fit=768%2C254&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/09\/WhatsApp-Image-2017-09-25-at-07.12.16.jpeg?fit=768%2C254&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/09\/WhatsApp-Image-2017-09-25-at-07.12.16.jpeg?fit=768%2C254&ssl=1&resize=700%2C400 
2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=792"}],"version-history":[{"count":1,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/792\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/792\/revisions\/794"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/793"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}