Analysis Of The Most Recent Trojans On The Android Operating System

- With the rapid advancements of electronics, the mobile operating system can accommodate various applications, which greatly facilitates people’s everyday life. With a user group of more than 2 billion, the Android platform provides a diverse ecosystem for developing and publishing all sorts of applications. Although Google’s official application store, Google Play, contains over 2 million apps, such a huge market also attracts hackers to make profits through distributing malware.

Mobile malware has rocketed since 2009. As reported by Broadcom Inc., an industry- leading security company, 2017 witnessed an increase of new mobile malware strains, com- pared with the year of 2016. Additionally, more profit-driven malware emerged with the growth of underground markets.

Due to the fragmentation problem of the Android plat- form, Android has long been the most targeted operating system suffering from attacks. To keep pace with the cutting-edge antimalware countermeasures adopted by cyber-security businesses, malware developers have abused high-level obfuscation, virtual environment recognition, conditional execution (logic bomb), run-time payload  dropping,  etc.,  to  fool their opponents (i.e., security defending products and reverse engineering tools).

These techniques are usually more obvious to trace during the evolution and diversification of a malware family. In this thesis, we take a close look into both recent Android trojans and one specific family of Android banking trojan, that infiltrates banking applications to steal credentials or trick victims to type in their  usernames  and  passwords  through  displaying fake login interfaces. 

The results indicate that Android Trojans evolves towards possessing more malicious capabilities and more diverse permutations without losing their core design, which would cause more limitations and ineffectiveness for modern security solutions.