Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Threat Added: Hiding Application Icon #335

Open
wants to merge 15 commits into
base: nist-pages
Choose a base branch
from
Open

New Threat Added: Hiding Application Icon #335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
6583c88
added reference for APP-3
samz-cs Jul 25, 2022
888645d
added space before reference 309
samz-cs Jul 25, 2022
c71f898
Updated link for APP-14 [^70]
samz-cs Jul 26, 2022
e41e1df
Updated working link in [^71], for APP-5
samz-cs Jul 26, 2022
89b6a7c
#319: PAY-5 [^250] link changed
samz-cs Jul 28, 2022
a08d6cc
#320: PHY-3 [^146] link changed
samz-cs Jul 28, 2022
25da262
#321: PHY-2 and STA-42 [^143] [^144] link changed
samz-cs Jul 28, 2022
f987662
#322: ECO-0 [^193] link changed
samz-cs Jul 28, 2022
c00942b
#323: STA-40 [^S-Konstantaras-1] link changed
samz-cs Jul 28, 2022
90987d0
reverting commits that were meant for 316
samz-cs Jul 28, 2022
83a23ac
undo
samz-cs Jul 28, 2022
f6a6272
revert to og nist-pages
samz-cs Aug 1, 2022
2445b5e
added content for new threat
samz-cs Aug 1, 2022
699a300
added references for hiding app threat
samz-cs Aug 1, 2022
4219437
added spaces
samz-cs Aug 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions _application-threats/APP-44.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
layout: threat
ThreatCategory: Malicious or privacy-invasive application
ID: APP-44
Threat: Hiding Application Icon
ThreatDescription: Malware may hide its icon after installation, making detection by the user more difficult.
ThreatOrigin: Self-Hiding Behavior in Android Apps: Detection and Characterization [^310]
ExploitExample:
- Android Trojan steals money from PayPal accounts even with 2FA on [^311]
- Is Mobile Malware Playing Hide and Steal on Your Device? [^312]
CVEExample:
- Not Applicable
PossibleCountermeasures:
Enterprise:
- Deploy MAM or MDM solutions with policies that prohibit the sideloading of apps, which may bypass security checks on the app.
- Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.
- Perform application vetting to identify inappropriate behaviors by apps including permission requests made by the apps
Mobile Device User:
- Consider the use of devices that support Android 10.0 and later, in which getActivityList() was modified to limit the ability for apps to hide their launcher icons.
title: APP-44
rawID: 44
---
10 changes: 10 additions & 0 deletions _includes/references.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -558,3 +558,13 @@
[^307]: Security Research Labs, _New SIM attacks de-mystified, protection tools now available_, blog; https://srlabs.de/bites/sim_attacks_demystified/ [accessed 12/03/2019]

[^308]: Wikipedia, _Side-channel attack_; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019]





[^311] Z.Shan et al., _Self-Hiding Behavior in Android Apps: Detection and Characterization_; presented at International Conference on Software Engineering, 2018, https://ieeexplore.ieee.org/document/8453145 [accessed 8/1/2022]

[^312] L. Stefanko, _Android Trojan steals money from PayPal accounts even with 2FA on_; welivesecurity, blog, 11 Dec 2018, https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/ [accessed 8/1/2022]

[^313] McAfee, _Is Mobile Malware Playing Hide and Steal on Your Device?_; McAfee, blog, https://www.mcafee.com/blogs/mobile-security/mobile-threat-report-q1-2020/ [accessed 8/1/2022]