Welcome to Guardsquare's Malware Security Research Center

    Malware poses significant risks for mobile users, mobile service developers, and third parties. Preventing malware from causing harm is a shared responsibility of mobile operating system manufacturers, application developers, security vendors, and end users.

    This malware security center is to inform and guide all stakeholders of this shared responsibility model, but first and foremost mobile application developers to implement timely and relevant measures against malware.

    Malware can target mobile applications

    The main focus of this knowledge base is to collect and share information about how malware can attack mobile applications. The practical manifestation of an attack on an application falls into one of the two categories:

    • Spying on user data
    • Spoofing user input

    More specifically,

    --- title: Malware attacks --- graph TD fraud[Malware Attacks] fraud --> steal[Spy on user data] fraud --> spoof[Spoof user input] steal --> steal_screen[Screen] steal --> steal_clipboard[Clipboard] steal --> steal_sms[SMS] spoof --> spoof_screen[Screen] steal_screen --> a11y[Malicious accessibility service] steal_screen --> steal_keyboard[Malicious keyboard] steal_screen --> screen_rec[Screen recording] steal_screen --> activity_injection[Activity injections] steal_screen --> view_injection[View injections aka Overlays] spoof_screen --> a11y click a11y href "/mobile-app-security-research-center/malware/accessibility-service-malware" click screen_rec href "/mobile-app-security-research-center/malware/screen-capture-attacks" "Screen recording attacks" click activity_injection href "/mobile-app-security-research-center/malware/overlay-attacks" "Overlay injection attacks" click view_injection href "/mobile-app-security-research-center/malware/overlay-attacks" "Overlay injection attacks" click steal_clipboard href "/mobile-app-security-research-center/malware/clipboard-hijacking" "Clipboard attacks" click steal_sms href "/mobile-app-security-research-center/malware/sms-attacks" "SMS attacks" click steal_disk href "/mobile-app-security-research-center/malware/sms-attacks" "Task hijacking" click steal_keyboard href "/mobile-app-security-research-center/malware/keyboard-attacks" "Malicious keyboard attacks"

    Malware behavior patterns

    To be effective and efficient in deploying the attacks, malware exhibits certain behavior patterns when it comes down to:

    • Distributing malware
    • Getting the initial footprint
    • Getting updates
    • Obtaining necessary privileges
    Task Behavioral pattern
    Initial malware install Dropper applications
    Initial malware install Phishing links
    Getting updates Command and control
    Obtaining privileges Nagging

    Featured articles


    Table of contents