Description: Synopsis: Attackers are starting to move on from simple attacks, mainly because users are starting to figure out that the free adult entertainment or chat app shouldn’t be sending SMS messages to expensive numbers. They’re leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software.
It’s not all that bad. Attackers aren’t going out of their way to discover their own vulnerabilities or writing their own exploits. They’re happy to repurpose the work done by legitimate developers, security researchers and the rooting community.
If the malware has gotten trickier, what are those tricks? We’ll look at portions of code (bytecode/decompiled Java source & disassemblies) from in the wild mobile malware and show how earlier research is adapted by attackers.