
V-OS Protection against Android Plugin malware

Si Han Goi - Product Security Architect

There has been a recent surge in Android malware abusing Android Plugin Frameworks for malicious behavior. DroidPlugin, Parallel Space and VirtualApp are several plugin frameworks that have been abused by malware in recent months to spread Android malware.

Android Plugin Frameworks Overview

Android Plugin Frameworks are a way to run multiple instances of an application on the same device. The original use case is to enable users to sign into multiple accounts of the same service, e.g. social media services such as Facebook/Instagram/Twitter. This allows the user to, for example, manage a business and personal social media account simultaneously on the same device without having to sign out/sign in.

Technology

Android Plugin Frameworks work by creating an application level virtualization framework that allows a host mobile app to dynamically load and launch another app (plugin) without actually installing it on the device. To do so, it hooks several critical Android APIs that are involved in:

  • loading/launching Android APK files without installation
  • app component lifecycle management
  • inter-plugin communication
  • plugin management.

In doing so, it is able to modify the flow of the app during runtime, and change its behavior.

Source: Anti-Plugin: Don’t Let Your Apps Play As An Android Plugin by Tongbo Luo et al.

Malware Abuse

While Android Plugin technology has several legitimate, benign use cases, it has also been abused by malware developers, who have used it to update/install new malware without root access, evade static detection, and phish on authenticated apps without repackaging. As the plugin app runs within the host app, and the host app hooks vital Android APIs, the host app is by and large transparent to the plugin app. However, the fact that the host app is hooking the Android APIs without the plugin’s knowledge makes this a critical attack vector.

DroidPlugin in particular is an open source Android Plugin Framework SDK that allows developers to quickly create apps that use Plugin technology. As shown in the charts below, it has been overwhelmingly used with malicious intent. VirtualApp is a similar Android Plugin Framework that malware authors have abused.

Source: Anti-Plugin: Don’t Let Your Apps Play As An Android Plugin by Tongbo Luo et al.

Risks of Plugin malware

If Plugin framework malware were allowed to install trusted apps as plugins, the risks would be significant. Consider a trusted banking app that is installed as a plugin inside a malicious host app. The malware could potentially intercept generated OTP images. It could also phish user credentials during the login process, since it controls key app component management APIs.

Protections within the V-OS Trust Platform

The use and abuse of Android Plugin Frameworks is a relatively new occurrence, and the V-OS Trust Platform does not have any specific checks for it. However, plugins rely on hooking mechanisms to operate, and these are already detected and blocked by V-OS App Protection. In fact, all known Plugin Frameworks currently hook app component lifecycle management APIs, specifically the ones pertaining to the creation of Activities.

The V-OS Trust Platform has a wide array of anti-hooking mechanisms to protect against reverse engineering and active attacks. Since Android Plugin Frameworks rely on hooking to operate, the V-OS Trust Platform already detects them out of the box. As a result, when an app protected by V-OS App Protection is launched as a plugin in a host app, V-OS App Protection will detect the plugin and block access to the cryptographic keys and identity. Our Security Research team has already tested a wide range of apps utilizing Android Plugin Frameworks, and verified that in all of them V-OS App Protection successfully detected that it was being run as a plugin and prevented malware attacks. The V-OS Trust Platform therefore remains secure in the presence of a Plugin Framework. What this means is that existing V-Key customers are already safe from Plugin malware.
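To make the idea of an app detecting that it is being run as a plugin concrete, here is an added example (not V-Key code, and not a description of how V-OS App Protection works) of two generic heuristics. The class name `PluginHostCheck` and the path patterns are assumptions: a plugin is never installed, so its data directory has to live inside the host's storage, and a framework that intercepts Activity creation may replace the process-wide `Instrumentation` object.

```java
import android.app.Instrumentation;
import android.content.Context;
import java.lang.reflect.Field;
import java.util.regex.Pattern;

/** Added illustration (hypothetical class): "am I running as a plugin?" heuristics. */
public final class PluginHostCheck {
    private PluginHostCheck() {}

    // Assumed parents of a normally installed app's data dir (internal or adopted storage).
    private static final Pattern NATIVE_PARENT =
            Pattern.compile("^(/data/data|(/data|/mnt/expand/[^/]+)/user/\\d+)$");

    /** Pure path test, so it can be unit-tested off-device. */
    static boolean isNativeDataDir(String dataDir, String pkg) {
        if (dataDir == null) return false;
        int slash = dataDir.lastIndexOf('/');
        if (slash <= 0 || !dataDir.substring(slash + 1).equals(pkg)) return false;
        return NATIVE_PARENT.matcher(dataDir.substring(0, slash)).matches();
    }

    /** True if the Instrumentation object that creates Activities is not the stock class. */
    static boolean instrumentationReplaced() {
        try {
            // Non-SDK members: reflective access may be restricted on some releases.
            Class<?> at = Class.forName("android.app.ActivityThread");
            Object thread = at.getMethod("currentActivityThread").invoke(null);
            Field f = at.getDeclaredField("mInstrumentation");
            f.setAccessible(true);
            Object instr = f.get(thread);
            // Note: instrumented test runs also install a subclass here.
            return instr != null && instr.getClass() != Instrumentation.class;
        } catch (ReflectiveOperationException | RuntimeException e) {
            return false; // field unavailable: no evidence either way
        }
    }

    /** Call before releasing keys or showing a login screen. */
    public static boolean looksLikePlugin(Context ctx) {
        String dir = ctx.getApplicationInfo().dataDir;
        return !isNativeDataDir(dir, ctx.getPackageName()) || instrumentationReplaced();
    }
}
```

Checks like these run inside the process the host controls, so they raise the bar rather than settle the question; that is why the result should gate access to keys held outside the app's own Java code.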

Conclusion

Security is critical in V-Key’s entire product line, and our Security Research team continuously monitors the horizon for new and emerging threats, developing holistic mechanisms that protect against them. In addition, V-OS App Protection was designed from the start to decouple its security from that of the untrusted underlying OS. This naturally extends to an untrusted Plugin Framework. The result is that V-Key integrates state-of-the-art protection mechanisms that keep our customers safe from even such zero-day attacks.
