Florida Polytechnic University is researching a new type of malware threat to Android devices known as “malware collusion.”
The threat involves an app that operates as it should, without harming the device, until a second app is downloaded. The two apps then work in tandem to hijack the device, allowing cyber-criminals to steal data or place charges on the user.
Florida Poly researcher Karim Elish is working on a solution to the problem before it becomes one.
“Most of the cybersecurity community is talking about this problem, which means it’s going to happen sooner or later,” said Elish, a professor in the Computer Science department. “We are trying to propose a defensive technique before it happens.”
Elish’s research is called “Identifying Mobile Inter-App Communication Risks” and was recently published in the journal IEEE Transactions on Mobile Computing.
“The technique we developed is based on static analysis,” Elish said. “We analyze the source code or the byte code of the apps and try to extract some kind of features that distinguish the malware collusion from the regular benign apps.”
If the technique succeeds, Elish said, Android users should be able to identify whether an app they’ve downloaded is part of a malicious pair of apps working together.
The experimental evaluation outlined in the published paper was based on real apps in the Google Play online marketplace, but was tested on a proof of concept.
There are more than 2.7 million apps available in the Google Play store, making this kind of cybersecurity research crucial to a growing market.
Co-authors on the research paper include Haipeng Cai, a faculty member at Washington State University; Daniel Barton, a software engineer at Lockheed Martin; Danfeng Yao, a faculty member at Virginia Tech; and Barbara Ryder, a faculty member at Virginia Tech.