@techreport{	TUD-CS-2015-0065,
	author = {Siegfried Rasthofer and Irfan Asrar and Stephan Huber and Eric Bodden},
	title = {An Investigation of the Android/BadAccents Malware which Exploits a new
Android Tapjacking Attack},
	month = apr,
	year = {2015},
	institution = {TU Darmstadt, Fraunhofer SIT and McAfee Mobile Research},
	keywords = {Botnet, ThreatCampaign, AndroidMalware, CodeAnalysis, Banking Trojans,
Vulnerability},
	pubkey = {TUD-CS-2015-0065},
	research_area = {CASED, EC SPRIDE},
	research_sub_area = {Secure Software Engineering Group},
	abstract = {We report on a new threat campaign, underway in Korea, which infected
around 20,000 Android users within two months. The campaign attacked mobile
users with malicious applications spread via different channels, such as
email attachments or SMS spam. A detailed investigation of the Android
malware resulted in the identification of a new Android malware family
Android/BadAccents. The family represents current state-of-the-art in
mobile malware development for banking trojans.
In this paper, we describe in detail the techniques this malware family
uses and confront them with current state-of-the-art static and dynamic
code-analysis techniques for Android applications. We highlight various
challenges for automatic malware analysis frameworks that significantly
hinder the fully automatic detection of malicious components in the mal-
ware. Furthermore, the malware exploits a previously unknown tapjacking
vulnerability in the Android operating system, which we describe in detail.
As a result of this work, the vulnerability, affecting all Android
versions, has been patched in the Android Open Source Project.},
	pdf = {fileadmin/user_upload/Group_EC-Spride/Publikationen/BadAccents_TR.pdf},
}