The call from McAfee came as a surprise to Siegfried Rasthofer and Steven Arzt: Approximately 20,000 Asians had fallen victim to a massive data theft attack. The virus spread further, but the expert producer of antivirus software could not identify the perpetrator. This provided these computer scientists from the Technical University of Darmstadt and Fraunhofer SIT (both in Germany) with an excellent opportunity to put their CodeInspect tool to the test in an emergency scenario. Within three minutes, the tool had found that a fake banking app had sent sensitive data to an e-mail address the crooks had set up. Even SMS messages sent to the victim were redirected to this address via the fake app. The attackers wanted to access the necessary mTans banking activities.
As part of their doctoral theses, the researchers developed this analysis tool, which tracks malicious Android apps and Java programs much faster and more precisely. Speed is crucial when it comes to stopping manipulated apps that hike up the phone bill or transform a mobile phone into a spambot. Rasthofer and Arzt found a way to represent the code pertaining to suspect apps so that even programmers who are not software security specialists can understand where the malicious process is hiding.
Currently, both researchers are continuing their work at the Fraunhofer SIT to further advance CodeInspect to market maturity. Prospective customers already exist: antivirus producers, Internet companies, producers of apps and security companies and agencies. No wonder, given the havoc which the estimated 180 million euros in damages generated by malware wreaks in this country each year.