StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation

Daniele Albanese, Rosangela Casolare, Giovanni Ciaramella, Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo, Marco Russodivito, Antonella Santone

2023

Abstract

Android is the most widely used mobile operating system in the world. Due to its popularity, it has become a target for attackers who are constantly working to develop aggressive malicious payloads aimed at stealing confidential and sensitive data from our mobile devices. Despite the security policies provided by the Android operating system, malicious applications continue to proliferate on official and third-party markets. Unfortunately, current anti-malware software is unable to detect so-called zero-day threats due to its signature-based approach. For this reason, it is necessary to develop methods aimed at enforcing Android security mechanisms. With this in mind, in this paper we highlight how a series of features available in current high-level programming languages, typically used for totally legitimate purposes, can become a potential source of malicious payload injection if used in a given sequence. To demonstrate the effectiveness of this attack, we design a new malware model that takes advantage of several Android features inherited from the Java language, such as reflection, dynamic compilation, and dynamic loading, together with steganographic techniques to hide the malicious payload code. We implement the proposed malware model in the Stegware Android application. In detail, the proposed malware model is based, on the app side, on the compilation and execution of Java code at runtime and, on the attacker side, on a software architecture capable of making the new malware model automatic and distributed. We evaluate the effectiveness of the proposed malware model by submitting it to 73 free and commercial antimalware, and by demonstrating its ability to circumvent the security features of the Android operating system and current antimalware detection.


Paper Citation


in Harvard Style

Albanese D., Casolare R., Ciaramella G., Iadarola G., Martinelli F., Mercaldo F., Russodivito M. and Santone A. (2023). StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 741-748. DOI: 10.5220/0011859000003405


in Bibtex Style

@conference{icissp23,
author={Daniele Albanese and Rosangela Casolare and Giovanni Ciaramella and Giacomo Iadarola and Fabio Martinelli and Francesco Mercaldo and Marco Russodivito and Antonella Santone},
title={StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={741-748},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859000003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation
SN - 978-989-758-624-8
AU - Albanese D.
AU - Casolare R.
AU - Ciaramella G.
AU - Iadarola G.
AU - Martinelli F.
AU - Mercaldo F.
AU - Russodivito M.
AU - Santone A.
PY - 2023
SP - 741
EP - 748
DO - 10.5220/0011859000003405