
posted by Fnord666 on Tuesday September 12 2017, @03:44PM
from the you-wash-my-back... dept.

Submitted via IRC for SoyCow1937

A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future.

The research team has described the ILC attack vector in a research paper released last month and named "Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones."

An ILC attack relies on threat actors using libraries to deliver malicious code, instead of standalone Android apps packed with all the malicious commands.

Apps usually require permissions for all the operations they need to perform. An ILC attack relies on spreading the malicious actions across several apps that use the same library(ies).

Each app gets different permissions, and malicious code packed in one app could use shared code from other apps — with higher privileges — to carry out malicious operations.

The advantage — for malware authors — is that investigators analyzing a compromised device would see the breadth of malicious activities, but would exclude certain apps as the infection's source because they do not possess all the permissions needed to execute the attack.

Source: https://www.bleepingcomputer.com/news/security/intra-library-collusion-attacks-open-the-door-for-a-whole-new-kind-of-android-malware/
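
The per-app review blind spot described in the summary above can be checked for by grouping installed apps by the libraries they embed. The following is an added example, not code from the paper or the article: the inventory, package names and library names are constructed, and the model assumes only that a library can act with the permissions of every app that embeds it.

```python
from collections import defaultdict

# Constructed inventory: app -> (granted permissions, embedded libraries).
# Package and library names are hypothetical placeholders.
INVENTORY = {
    "com.example.flashlight": ({"CAMERA", "INTERNET"}, {"libads"}),
    "com.example.notes": ({"READ_CONTACTS"}, {"libads", "libcrash"}),
    "com.example.maps": ({"ACCESS_FINE_LOCATION", "INTERNET"}, {"libads"}),
    "com.example.clock": ({"INTERNET"}, {"libcrash"}),
}


def hosts_by_library(inventory):
    """Map each library to {app: permissions} for every app embedding it."""
    hosts = defaultdict(dict)
    for app, (perms, libs) in inventory.items():
        for lib in libs:
            hosts[lib][app] = set(perms)
    return hosts


def audit(inventory, sensitive_combo):
    """Return (library, contributing apps) where the library reaches
    sensitive_combo only by pooling permissions across several apps."""
    findings = []
    for lib, apps in sorted(hosts_by_library(inventory).items()):
        pooled = set().union(*apps.values())
        if not sensitive_combo <= pooled:
            continue  # library cannot reach the combination at all
        if any(sensitive_combo <= perms for perms in apps.values()):
            continue  # one app holds it all; a per-app review catches this
        contributors = sorted(a for a, p in apps.items() if p & sensitive_combo)
        findings.append((lib, contributors))
    return findings


if __name__ == "__main__":
    combo = {"READ_CONTACTS", "ACCESS_FINE_LOCATION", "INTERNET"}
    for lib, apps in audit(INVENTORY, combo):
        print(f"{lib}: pooled access to {sorted(combo)} via {apps}")
```
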


This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @05:54PM (3 children)

    Trying to assign permissions to libraries seems a damned half assed way to address security issues.

    Take a look at the sudo binary. It's got the setuid flag set and is owned by root. This is why, when you sudo something, whatever you run, runs as root. Sudo just validates a password and if successful, runs the binary you tell it to run in its own context (i.e. as user 0 - root).

  • (Score: 0) by Anonymous Coward on Tuesday September 12 2017, @07:40PM

    And then what?

  • (Score: 2) by maxwell demon on Tuesday September 12 2017, @08:00PM (1 child)

    That's not a library.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 0) by Anonymous Coward on Wednesday September 13 2017, @01:53AM

      Indeed, but it is permissions assigned to code, as opposed to the thing that invokes the code.