{"title":"Press play, install malware: a study of rhythm game-based malware dropping","authors":"Efstratios Vasilellis, Grigoris Gkionis, Dimitris Gritzalis","doi":"10.1007/s10207-024-00893-1","DOIUrl":null,"url":null,"abstract":"<p>Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game “Guitar Hero”. This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to “force” user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. 
Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks.\n</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"14 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00893-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game “Guitar Hero”. This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to “force” user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks.
About the journal:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.