Gaming the system: Tetromino-based covert channels and their impact on mobile security

crossref(2024)

Abstract: Trojan droppers consistently emerge as formidable malware threats, particularly within the Android ecosystem. Traditional malware detection strategies focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite rigorous efforts to fortify network defenses against such droppers, these measures inadvertently highlight the necessity for exploring unconventional infiltration methodologies. This study expands on covert channel attacks, proposing the utilization of gaming platforms, notably the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we facilitate the delivery and execution of malicious payloads on target devices within 3 to 7 minutes. This process is enabled by integrating the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm and mapping Tetromino shapes to a Meterpreter payload, thereby innovating payload delivery via gameplay suggestions. Our work provides a novel covert channel attack methodology which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and prudent management of application permissions.