{"title":"Gaming the system: tetromino-based covert channel and its impact on mobile security","authors":"Efstratios Vasilellis, Vasileios Botsos, Argiro Anagnostopoulou, Dimitris Gritzalis","doi":"10.1007/s10207-024-00875-3","DOIUrl":null,"url":null,"abstract":"<p>Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"73 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00875-3","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis.
Journal description:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.