SophosLabsPeople are always looking to save time and money, and hopefully both, with technology. Businesses and consumers love smartphones and computers because they are massively multi-functional, super-fast and efficient. We’ve been doing this for a long time – the spork, that funny looking multi-purpose utensil, dates back to 1874!

More recently, mobile application developers have used cross-platform development tools to increase efficiency in churning out apps that work in all three of the major mobile operating systems – Android, iOS and Windows.

Malware authors are no different. At SophosLabs, we have seen an increase in malicious apps written with cross-platform development tools such as PhoneGap, Titanium, Unity, Xamarin and Cocos2d.

SophosLabs researchers William Lee and Xinran Wu explain in a new research paper – Cross-Platform Mobile Malware: Write Once, Run Everywhere – that security researchers will face greater challenges analyzing and detect these pieces of mobile malware, as cybercriminals increasingly make use of multi-platform tools to hide their malicious code.

Their research demonstrates that malware authors are using cross-platform development tools “to hide their malicious code in HTML files or specific containers loaded by cross-platform frameworks instead of the platform’s native binaries.”

This fascinating research paper (presented earlier this month at the Virus Bulletin International Conference) explores in depth the feasibility of new cross-platform mobile malware and examines the package structures of these malware.

Finally, our researchers suggest a solution for identifying an application’s framework type and writing detection signatures for malware based on those frameworks.

You can check out this paper and other SophosLabs research on our technical papers page.

About SophosLabs

SophosLabs is the global network of threat centers staffed by Sophos researchers and analysts.

Keep up to date with our latest industry-leading research and technical papers, expert opinion, and security advice at Naked Security and right here on the Sophos Blog.

Sign up for our Sophos Blog newsletter by entering your email address in the field at the top right of the blog’s webpage. Follow us on your favorite social media networks, chat with us in our forums, download our informative podcasts, or sign up for our RSS feeds.

Leave a Reply

Your email address will not be published. Required fields are marked *