Mobile and Ubiquitous Systems: Computing, Networking, and Services. 10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2-4, 2013, Revised Selected Papers

Research Article

On Malware Leveraging the Android Accessibility Framework

Download54 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-11569-6_40,
        author={Joshua Kraunelis and Yinjie Chen and Zhen Ling and Xinwen Fu and Wei Zhao},
        title={On Malware Leveraging the Android Accessibility Framework},
        proceedings={Mobile and Ubiquitous Systems: Computing, Networking, and Services. 10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2-4, 2013,  Revised Selected Papers},
        proceedings_a={MOBIQUITOUS},
        year={2014},
        month={12},
        keywords={Android Malware Attack},
        doi={10.1007/978-3-319-11569-6_40}
    }
    
  • Joshua Kraunelis
    Yinjie Chen
    Zhen Ling
    Xinwen Fu
    Wei Zhao
    Year: 2014
    On Malware Leveraging the Android Accessibility Framework
    MOBIQUITOUS
    Springer
    DOI: 10.1007/978-3-319-11569-6_40
Joshua Kraunelis1,*, Yinjie Chen1,*, Zhen Ling2,*, Xinwen Fu1,*, Wei Zhao3,*
  • 1: University of Massachusetts Lowell
  • 2: Southeast University
  • 3: University of Macau
*Contact email: jkraunel@cs.uml.edu, ychen1@cs.uml.edu, zhen_ling@seu.edu.cn, xinwenfu@cs.uml.edu, weizhao@umac.mo

Abstract

The number of Android malware has been increasing dramatically in recent years. Android malware can violate users’ security, privacy and damage their economic situation. Study of new malware will allow us to better understand the threat and design effective anti-malware strategies. In this paper, we introduce a new type of malware exploiting Android’s accessibility framework and describe a condition which allows malicious payloads to usurp control of the screen, steal user credentials and compromise user privacy and security. We implement a proof of concept malware to demonstrate such vulnerabilities and present experimental findings on the success rates of this attack. We show that 100 % of application launches can be detected using this malware, and 100 % of the time a malicious Activity can gain control of the screen. Our major contribution is two-fold. First, we are the first to discover the category of new Android malware manipulating Android’s accessibility framework. Second, our study finds new types of attacks and complements the categorization of Android malware by Zhou and Jiang [21]. This prompts the community to re-think categorization of malware for categorizing existing attacks as well as predicting new attacks.