Welcome to the VB2021 conference!

arrow left Back

TIPS#6 The use of dark patterns and psychological tricks in Android malware

Anish Patil (SonicWall)
Android malware has become an ever increasing threat in the malware landscape over the last few years. A number of innovative tricks have been observed in Android malware that are designed to circumvent security safeguards imposed by the Android Operating System (OS). Some of these tricks are created with human psychology in mind where, in some cases, the attackers make the victim perform certain actions. The motive of most Android malware is to extract some type of sensitive data from the victim. However, for some Android malware to be effective,the victim has to perform certain actions like granting specific permissions to the malicious app. The victim may not perform these actions under normal circumstances, but using user interface (UI) trickery, a malware may try to convince the user otherwise. The purpose of this talk is to highlight Dark Pattern design used in popular Android malware. This session will talk about how human psychology plays an important part in the creation of Android malware. This aspect is often overlooked when researching, analysing and understanding malware.
Anish Patil

Anish works as a threat researcher at SonicWall and analyses prevalent threats to provide detection mechanisms. He started exploring Android malware as a side project but this later expanded into much more than that. He has been analysing and studying Android malware to better understand the attack vectors, propagation mechanisms and inventive countermeasures used by malware writers to circumvent security boundaries. When not involved with malware analysis he actively participates in security meetups and conferences.