Dual-force: Understanding webview malware via cross-language forced execution

13Citations
Citations of this article
25Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Modern Android malwares tend to use advanced techniques to cover their malicious behaviors. They usually feature multi-staged, condition-guarded and environment-specific payloads. An increasing number of them utilize WebView, particularly the two-way communications between Java and JavaScript, to evade detection and analysis of existing techniques. We propose Dual-Force, a forced execution technique which simultaneously forces both Java and JavaScript code of WebView applications to execute along various paths without requiring any environment setup or providing any inputs manually. As such, the hidden payloads of WebView malwares are forcefully exposed. The technique features a novel execution model that allows forced execution to suppress exceptions and continue execution. Experimental results show that Dual-Force precisely exposes malicious payload in 119 out of 150 WebView malwares. Compared to the state-of-the-art, Dual-Force can expose 23% more malicious behaviors.

Cite

CITATION STYLE

APA

Tang, Z., Zhai, J., Pan, M., Aafer, Y., Ma, S., Zhang, X., & Zhao, J. (2018). Dual-force: Understanding webview malware via cross-language forced execution. In ASE 2018 - Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (pp. 714–725). Association for Computing Machinery, Inc. https://doi.org/10.1145/3238147.3238221

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free