Xlab
Device Monitor for Android from Xlab
Botnet hunting on Android mobile devices
The cyber threat of botnets is of great concern due to the way and intensity it is spreading, using countless hijacked resources to realize cyber-attacks. Since the vast majority of the C&C communications are HTTP-based, similar techniques that apply on personal computers and existing malware infrastructure can be reused on mobile devices
Device Monitor offers an integrated system consisting of a mobile application integrated with an Intrusion Detection System (IDS) and an analytics services capable of detecting bots on mobile devices. Besides detection of the mobile bots we are capable of correlating the events on the mobile device with events detected earlier on the device or devices within the same network, thus detecting possibly malicious actions. Correlation of related events on the device is important in order to detect an application that is installed on the mobile device and is capable of stealing private data and sharing it with external malicious servers/users. This implies detecting a bot stealing user’s personal data from the mobile device. The aggregator of external resources about malicious applications and URLs is modular and is capable to aggregate the datum used in the correlation from well- known external sources, thus introducing extensibility and much needed crowd-sourcing of data