Submitted via IRC for SoyCow1937
A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future.
The research team has described the ILC attack vector in a research paper released last month and named "Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones."
An ILC attack relies on threat actors using libraries to deliver malicious code, instead of standalone Android apps packed with all the malicious commands.
Apps usually require permissions for all the operations they need to perform. An ILC attack relies on spreading the malicious actions across several apps that use the same library(ies).
Each app gets different permissions, and malicious code packed in one app could use shared code from other apps — with higher privileges — to carry out malicious operations.
The advantage — for malware authors — is that investigators analyzing a compromised devices would see the breadth of malicious activities, but would exclude certain apps as the infection's source because they do not possess all the permissions needed to execute the attack.
(Score: 1, Insightful) by Anonymous Coward on Tuesday September 12 2017, @03:54PM (1 child)
There's nothing about Malware that is in any way interesting; it's the most rudimentary stuff ever—that's why our view of the malware hacker is a slobbish teenager in Eastern Europe, rather than a monocled mad scientist with crazy hair; a child could figure out most of these exploits.
Software SUCKS. It's the worst; everybody lauds the low barrier to entry (if you've got a computer, you can code), but that is exactly the reason why everything is horrible. Just whip open any software project's source in an editor, and you'll be presented immediately with trash.
As much as possible, don't use other people's software, and if you do, jail that junk.
(Score: 0) by Anonymous Coward on Tuesday September 12 2017, @06:09PM
It's true. I wrote viruses as a teen. I was a poor teenager who couldn't afford a compiler, so I wrote macro viruses for an unpopular platform which meant they didn't spread very far. As soon as I found a copy of gcc I began writing more constructive software starting with games.