The impact of Android UI attacks on malware forensic footprints

Abstract

Detection evasion techniques aim to increase stealth to evade malware detection mechanisms. This dissertation explores how cross-app WebView navigation can be a viable attack surface to obscure application communication mechanisms to increase the stealth of Android RATs containing backdoors. This work also proposes a new detection technique that leverages volatile memory to expose the post-exploit attack steps and thus making the stealth technique less effective. Experiments have shown that the new attacks successfully increase the stealth of the backdoor, bypassing several current detectors. In addition, the newly proposed technique successfully repealed stealth efforts, uncovering previously hidden traces of malicious activity.