StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation

Daniele Albanese; Rosangela Casolare; Giovanni Ciaramella; Giacomo Iadarola; Fabio Martinelli; Francesco Mercaldo; Francesco Mercaldo; Marco Russodivito; Antonella Santone

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation

Topics: Access and Usage Control; Data and Software Security; Mobile Security; Risk and Reputation Management; Security Awareness and Education; Web Applications and Services

In Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 741-748, 2023 , Lisbon, Portugal

Authors: Daniele Albanese ¹ ; Rosangela Casolare ² ; Giovanni Ciaramella ¹ ; Giacomo Iadarola ¹ ; Fabio Martinelli ¹ ; Francesco Mercaldo ^{1

;

2} ; Marco Russodivito ² and Antonella Santone ²

Affiliations: ¹ Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy ; ² University of Molise, Campobasso, Italy

Keyword(s): Security, Malware, Android, Reflection, Dynamic Compiling, Dynamic Loading, Steganography.

Abstract: Android is the most widely used mobile operating system in the world. Due to its popularity, has become a target for attackers who are constantly working to develop aggressive malicious payloads aimed to steal confidential and sensitive data from our mobile devices. Despite the security policies provided by the Android operating system, malicious applications continue to proliferate on official and third-party markets. Unfortunately, current anti-malware software is unable to detect the so-called zero-day threats due to its signature-based approach. For this reason, it is necessary to develop methods aimed to enforce Android security mechanisms. With this in mind, in this paper we highlight how a series of features available in current high-level programming languages and typically used for totally legitimate purposes, can become a potential source of malicious payload injection if used in a given sequence. To demonstrate the effectiveness to perpetrate this attack, we design a new m alware model that takes advantage of several Android features inherited from the Java language, such as reflection, dynamic compilation, and dynamic loading including steganographic techniques to hide the malicious payload code. We implement the proposed malware model in the Stegware Android application. In detail, the proposed malware model is based, on the app side, on the compilation and execution of Java code at runtime and, from the attacker side, on a software architecture capable of making the new malware model automatic and distributed. We evaluate the effectiveness of the proposed malware model by submitting it to 73 free and commercial antimalware, and by demonstrating its ability to circumvent the security features of the Android operating systems and the current antimalware detection. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.21.244.14

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Albanese, D.; Casolare, R.; Ciaramella, G.; Iadarola, G.; Martinelli, F.; Mercaldo, F.; Russodivito, M. and Santone, A. (2023). StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 741-748. DOI: 10.5220/0011859000003405

@conference{icissp23,
author={Daniele Albanese. and Rosangela Casolare. and Giovanni Ciaramella. and Giacomo Iadarola. and Fabio Martinelli. and Francesco Mercaldo. and Marco Russodivito. and Antonella Santone.},
title={StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={741-748},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859000003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation
SN - 978-989-758-624-8
IS - 2184-4356
AU - Albanese, D.
AU - Casolare, R.
AU - Ciaramella, G.
AU - Iadarola, G.
AU - Martinelli, F.
AU - Mercaldo, F.
AU - Russodivito, M.
AU - Santone, A.
PY - 2023
SP - 741
EP - 748
DO - 10.5220/0011859000003405
PB - SciTePress