{"id":1877,"date":"2015-09-09T23:25:20","date_gmt":"2015-09-09T21:25:20","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=1877"},"modified":"2015-09-09T23:25:20","modified_gmt":"2015-09-09T21:25:20","slug":"vb15","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/09\/09\/vb15\/","title":{"rendered":"SSE Group together with Intel Security are presenting at VirusBulletin 2015 conference"},"content":{"rendered":"<p>A joint project together with McAfee (Intel Security) revealed very interesting insights into current Android Malware, in particular into Command and Control communications. We will be\u00a0presenting our results at the <a href=\"https:\/\/www.virusbtn.com\/conference\/vb2015\/abstracts\/LM1.xml\">VirusBulletin 2015<\/a> conference. 
We are also planning to publish a blog post with more concrete information, but if you are at the VirusBulletin conference, feel free to join our talk on\u00a0<i>Thursday 1 October\u00a009:00 &#8211; 09:30.<\/i><\/p>\n<p><strong><span style=\"text-decoration: underline\">Title:<\/span> We know what you did this summer: Android banking trojan exposing its sins in the cloud<\/strong><\/p>\n<p>Abstract:<\/p>\n<p>Backend-as-a-Service (BaaS) solutions are a very convenient way for developers to connect their apps easily with cloud storage. There are different BaaS solutions on the market, offered by various vendors such as Amazon, Google and Facebook. All of them provide simple APIs for common tasks such as managing database records or files. Adding a few library classes and writing three or four lines of code is sufficient to integrate cloud storage into the app.<\/p>\n<p>While such solutions are usually created for well-intentioned developers, very recently we have spotted two Android malware families that make use of BaaS solutions as well, Facebook&#8217;s in this case. Using Facebook&#8217;s BaaS solution, the malware stores stolen data, delivers commands executed remotely on the infected device and performs SMS banking fraud.<\/p>\n<p>However, malware authors are apparently unaware of how to set up a BaaS solution securely, which made it easy for us to obtain access to all data they store. This gave interesting insights into their C&amp;C communication protocol and all sensitive data they stole, including requests for the current balance of credit cards associated with the device, and attempts to perform payments and fraudulent transfers of funds via SMS messages during June and July 2015. 
To extract the necessary data from malicious applications automatically, we developed an automatic exploit generator that extracts credentials from the app, even if they are obfuscated, and provides access to the respective BaaS backend.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A joint project together with McAfee (Intel Security) revealed very interesting insights into current Android Malware, in particular into Command and Control communications. We will be\u00a0presenting our results at the VirusBulletin 2015 conference. We are also planning to publish a &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/09\/09\/vb15\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,21,51,71],"tags":[],"class_list":["post-1877","post","type-post","status-publish","format-standard","hentry","category-android","category-dynamic-analysis","category-security-analysis","category-static-analysis"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=1877"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/1877\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=1877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/c
ategories?post=1877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=1877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}