New Android banking Trojan "MoqHao" uses a social network to hide its C&C server

New Android bank Trojan uses social network to hide C&C server


Authors: 甘杰 (Gan Jie), 郭山语 (Guo Shanyu)

Affiliation: [1] Beijing Venustech Information Security Technology Co., Ltd. (北京启明星辰信息安全技术有限公司), ADLab, Beijing

Source: Information Technology and Network Security (《信息技术与网络安全》), 2018, Issue 1, pp. 9-16 (8 pages)

Abstract: As information security has developed and advanced, the room for traditional malicious code to survive has become increasingly narrow. Attackers' activity has not stopped, however; they keep developing new attack methods and hiding techniques to improve the survivability of their malicious code. The sample analyzed in this paper is one such piece of malware: "MoqHao", a new banking Trojan for the Android platform. To evade traffic-side monitoring and tracking, the Trojan not only encrypts its communication traffic but also uses a legitimate social network as the springboard address for its C&C server; to evade detection and removal by security software, the real malicious DEX file is encrypted and hidden in the resources directory; in addition, its implementation of phishing attacks against banking apps is highly concealed and deceptive, with the aim of stealing bank accounts. This paper uses Android reverse engineering and malicious code analysis techniques to analyze this banking Trojan in depth and to explain its working principle and implementation mechanism.

Keywords: banking Trojan; app phishing; C&C hiding; DEX encryption

Classification number: TP309.5 [Automation and Computer Technology - Computer System Architecture]

 
