StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation
Daniele Albanese, Rosangela Casolare, Giovanni Ciaramella, Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo, Marco Russodivito, Antonella Santone
2023
Abstract
Android is the most widely used mobile operating system in the world. Due to its popularity, it has become a target for attackers who are constantly working to develop aggressive malicious payloads aimed at stealing confidential and sensitive data from our mobile devices. Despite the security policies provided by the Android operating system, malicious applications continue to proliferate on official and third-party markets. Unfortunately, current anti-malware software is unable to detect so-called zero-day threats due to its signature-based approach. For this reason, it is necessary to develop methods aimed at enforcing Android security mechanisms. With this in mind, in this paper we highlight how a series of features available in current high-level programming languages, and typically used for totally legitimate purposes, can become a potential source of malicious payload injection if used in a given sequence. To demonstrate the effectiveness of this attack, we design a new malware model that takes advantage of several Android features inherited from the Java language, such as reflection, dynamic compilation, and dynamic loading, together with steganographic techniques to hide the malicious payload code. We implement the proposed malware model in the StegWare Android application. In detail, the proposed malware model is based, on the app side, on the compilation and execution of Java code at runtime and, on the attacker side, on a software architecture capable of making the new malware model automatic and distributed. We evaluate the effectiveness of the proposed malware model by submitting it to 73 free and commercial antimalware products, and by demonstrating its ability to circumvent the security features of the Android operating system and current antimalware detection.
Paper Citation
in Harvard Style
Albanese D., Casolare R., Ciaramella G., Iadarola G., Martinelli F., Mercaldo F., Russodivito M. and Santone A. (2023). StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 741-748. DOI: 10.5220/0011859000003405
in Bibtex Style
@conference{icissp23,
author={Daniele Albanese and Rosangela Casolare and Giovanni Ciaramella and Giacomo Iadarola and Fabio Martinelli and Francesco Mercaldo and Marco Russodivito and Antonella Santone},
title={StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={741-748},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859000003405},
isbn={978-989-758-624-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation
SN - 978-989-758-624-8
AU - Albanese D.
AU - Casolare R.
AU - Ciaramella G.
AU - Iadarola G.
AU - Martinelli F.
AU - Mercaldo F.
AU - Russodivito M.
AU - Santone A.
PY - 2023
SP - 741
EP - 748
DO - 10.5220/0011859000003405