Gaming the system: tetromino-based covert channel and its impact on mobile security

IF 2.4 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Information Security Pub Date : 2024-06-28 DOI:10.1007/s10207-024-00875-3

Efstratios Vasilellis, Vasileios Botsos, Argiro Anagnostopoulou, Dimitris Gritzalis

{"title":"Gaming the system: tetromino-based covert channel and its impact on mobile security","authors":"Efstratios Vasilellis, Vasileios Botsos, Argiro Anagnostopoulou, Dimitris Gritzalis","doi":"10.1007/s10207-024-00875-3","DOIUrl":null,"url":null,"abstract":"<p>Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"73 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00875-3","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis.

Abstract Image

查看原文本刊更多论文

博弈系统：基于四色棋的隐蔽通道及其对移动安全的影响

木马程序一直是具有挑战性的恶意软件威胁，尤其是在安卓生态系统中。传统的恶意软件检测方法侧重于在执行时识别有效载荷或拦截来自受攻击源的恶意下载。尽管人们在努力加强网络防御以抵御此类下载程序，但恶意威胁行为者仍在不断探索非常规的渗透方法。本研究扩展了隐蔽渠道攻击，提出利用游戏平台（如经典的俄罗斯方块街机游戏）作为恶意有效载荷传输的新载体。我们的方法不同于传统的网络攻击，而是在游戏的俄罗斯方块中嵌入恶意有效载荷。通过一个伪装成良性俄罗斯方块变体的定制应用程序，我们可以在 3 到 7 分钟内在目标设备上传输和执行恶意有效载荷。我们将 Shikata-Ga-Nai 多态编码器、自动建议算法和俄罗斯方块映射到 Meterpreter 有效载荷相结合，通过游戏建议创新性地发送恶意有效载荷。我们的工作提供了一种新颖的隐蔽信道攻击，它将游戏化与恶意有效载荷传输融为一体。据我们所知，这是首次将游戏化和自动建议机制引入有效载荷传输的研究。我们对所提出的攻击进行了深入分析，并提出了一系列缓解此类威胁的对策，强调了在动态恶意软件分析过程中增强用户意识和人工监督的重要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Information Security 工程技术-计算机：理论方法

CiteScore

6.30

自引率

3.10%

发文量

审稿时长

12 months

期刊介绍： The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.