Press play, install malware: a study of rhythm game-based malware dropping

IF 2.4 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Efstratios Vasilellis, Grigoris Gkionis, Dimitris Gritzalis
{"title":"Press play, install malware: a study of rhythm game-based malware dropping","authors":"Efstratios Vasilellis, Grigoris Gkionis, Dimitris Gritzalis","doi":"10.1007/s10207-024-00893-1","DOIUrl":null,"url":null,"abstract":"<p>Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game “Guitar Hero”. This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to “force” user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks.\n</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"14 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00893-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game “Guitar Hero”. This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to “force” user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks.

Abstract Image

按下播放键,安装恶意软件:基于节奏游戏的恶意软件下载研究
恶意软件仍然是一个主要的网络安全威胁,往往能躲过传统的检测方法。本研究以我们之前对俄罗斯方块的研究为基础,利用节奏游戏 "吉他英雄 "的木马化版本,提出了一种更高效的隐蔽通道攻击。这种新方法可在 2.5 分钟内发送并执行恶意有效载荷,大大快于我们以前基于俄罗斯方块的方法。与较为单调的俄罗斯方块相比,节奏游戏引人入胜的音乐性使其对用户更具吸引力,从而增加了吸引潜在受害者的可能性。这种攻击将有效载荷编码到游戏关卡中,迫使用户做出特定动作,在不知情的情况下将恶意软件组装到他们的设备上,从而逃避检测。这项研究是第二项在恶意软件传播中引入游戏化的研究,也是第一项 "强迫 "用户行动以实现攻击者目标的研究。我们对这种攻击进行了详细分析,并提出了应对措施,强调了以人为基础的动态恶意软件分析和增强用户意识的必要性。我们的研究结果强调了网络威胁不断演变的本质,以及迫切需要创新的防御策略来应对这种复杂的隐蔽渠道攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
International Journal of Information Security
International Journal of Information Security 工程技术-计算机:理论方法
CiteScore
6.30
自引率
3.10%
发文量
52
审稿时长
12 months
期刊介绍: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信