Extracting elusive digital evidence from your compromised phone

Imagine someone contacting you saying they received a message from you that you never sent. You check your sent messages, but that message is not there. You become more suspicious when a second person in your contacts tells you the same, and you decide to investigate further.


Modern malware has become extremely stealthy and goes to great lengths to remain hidden, possibly for months. Sending messages is a convenient way for malware to spread to other victims or to transmit private data from your phone. For example, WhatsApp Pink is a malicious application which successfully spread itself through popular instant messaging apps (including Telegram, Signal and WhatsApp) by posing as a pink-themed version of WhatsApp.


Unfortunately, evidence of such an attack might not be found in the usual mobile forensic sources, but it can be found in memory. However, analysing the phone’s memory after an incident is reported might not uncover anything of value, because the evidence (such as sent messages) could have long been deleted by then. Our approach is different because we analyse the area of memory that apps need in order to perform computation on the phone during the incident – making it virtually impossible for the malware to evade detection when it executes.


Much like placing undercover police agents to collect evidence of potential criminal activity, several researchers within the Department of Computer Science have been working on inserting hidden probes within sensitive mobile applications that malware may target. The idea sounds simple enough but presents several challenges, mainly because engineering and inserting such probes is a delicate process which, at first glance, is not even compatible with stock devices and which, in any case, can easily upset the stability of the application and the phone in gene ..
