Paper: a timeline of mobile botnets

Posted by   Virus Bulletin on   Mar 30, 2015

Ruchna Nigam provides an overview of more than 60 mobile malware families.

The rise of mobile malware is still a relatively recent thing, with the first actual mobile botnets not appearing until the beginning of this decade.

However, since then things have changed quickly, and today there are more than one million known mobile malware samples (though not families) in existence and mobile malware is almost as common as malware targeting desktops (even if there are some fundamental differences between the two).

Today, we publish a paper by Fortinet researcher Ruchna Nigam, in which she presents a timeline of mobile botnets.

Not only does Ruchna list more than 60 mobile botnets (including well-known names such as Zitmo, NotCompatible, Xsser and DroidKungFu) and provide basic information on all of them, she also takes a closer look at some particularly interesting variants.

  Location-grabbing functionality in Android/SmsHowU, discovered in September 2010.

Moreover, in her paper Ruchna takes a look at how mobile malware, not unlike malware targeting desktop operating systems, uses anti-debugging tricks, code obfuscation and traffic encryption.

She finishes her paper by providing some statistics on mobile botnets, including the C&C channel used, the motivation behind the malware and the kinds of certificates used to sign the APK files.

You can read the paper here in HTML format or here as a PDF. (Remember that all content published by Virus Bulletin can be read free of charge, with no registration required.)

Ruchna's paper was originally presented at and published by Botconf 2014 and was republished with permission. My review of the 2014 edition of Botconf can be found here. The call for papers for its third edition, which will take place 2-4 December in Paris, France, can be found here.



Posted on 30 March 2015 by Martijn Grooten
twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

VB2021 localhost call for papers: a great opportunity

VB2021 localhost presents an exciting opportunity to share your research with an even wider cross section of the IT security community around the world than usual, without having to take time out of your work schedule (or budget) to travel.

New article: Excel Formula/Macro in .xlsb?

In a follow-up to an article published last week, Kurt Natvig takes us through the analysis of a new malicious sample using the .xlsb file format.

New article: Decompiling Excel Formula (XF) 4.0 malware

In a new article, researcher Kurt Natvig takes a close look at XF 4.0 malware.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.