Cross-platform mobile malware: write once run everywhere

Friday 2 October 14:00 - 14:30, Small talks

William Lee (Sophos)
Xinran Wu (Sophos)

  download slides (PDF)

Every day, thousands of new mobile apps are published on mobile app stores including the Google Play store and iOS app store. While many of them are native apps, others are cross-platform mobile or HTML-based hybrid apps developed by cross-platform mobile development tools. Native apps either for Android or iOS are usually written using Android SDK or Xcode tools. However, malware authors have plenty of choices when it comes to writing or repacking mobile malware that targets multiple platforms.

At SophosLabs, we have seen an increase in malicious apps written with cross-platform development tools such as PhoneGap. These pieces of malware hide malicious code in HTML files or tools' specific containers instead of the platform's native binaries. Considering the platform-independent characteristics, it is possible to foresee that more mobile malware and PUA families will be released across different mobile platforms including Android, iOS and Windows Mobile. Many game apps have been developed with cross-platform tools like Unity, Corona and Cocos2d. Each tool generates its own executable format that can be used to package hidden malicious payloads. As a result, security researchers will be facing a great challenge to analyse and detect these pieces of mobile malware.

This paper will research the feasibility of new cross-platform mobile malware and test whether existing virus scanners can detect them. We will also analyse their package structures and discuss technical issues and finally suggest a solution to the problems.

Click here for more details about the conference.

William Lee

William Lee

William Lee is a senior threat researcher at SophosLabs and holds a Master's degree in IT from the University of Sydney. Prior to joining Sophos, he developed mobile platforms and applications at Samsung for Samsung's Galaxy and Bada devices and he also implemented static and dynamic analysis systems for Android at Symantec. He currently spends his time carrying out in-depth analysis of Android malware and research on malware clustering. In his free time, William enjoys playing tennis and kayaking in Sydney.

Xinran Wu

Xinran Wu

Xinran Wu graduated from the University of New South Wales in Australia. He has been working as a Threat Researcher at SophosLabs for over six years where he has been reversing and analysing malware for various platforms. His current research areas include Mac threats, and also Android threats. Xinran enjoys reading and playing tennis in his free time.