Masahiro
Newcomer III

Do you know of examples where devices are infected with malware via APIs?

According to question c04.088 of the CCSP Official Practice Tests, anti-malware detection capabilities should be added to employees' devices and to the environments they connect to, if they are using APIs that the company does not approve of.


I can agree on that. But I do not know of examples where devices are infected with malware via an API. Should we understand the API itself is malware? Do you know of such examples? If yes, please share them with me.

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
5 Replies
AlecTrevelyan
Community Champion

I'm not aware of anything specific, but it's not beyond the realms of possibility that interacting with an API could ultimately lead to a malware infection.


Whatever system you are using to interact with the API could contain a vulnerability, and the data received back from the API could potentially be crafted to trigger that vulnerability.


Or it could be something as simple as the API sending you a URL pointing to a malware-infected site.


cybercyn
Viewer

https://blog.malwarebytes.com/threat-analysis/2017/10/analyzing-malware-by-api-calls/

Check this out; this article may assist you in better understanding real-time API malware instances.
Masahiro
Newcomer III

Thank you for the reference. It helped me to understand that it is not the API that causes the infection; rather, malware already latent on the device may make external API calls, which need to be detected.


Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
RowRocket
Newcomer I

Thought I'd share this:


A September 6, 2021 post, Android Malware: An Overview, states that Android malware can abuse the Device Administrator API that is intended for Mobile Device Management.


In another example, the post states that malware can tap into the screen reader and screen tapper functionality intended for people with disabilities. The malware can tap itself into Android Device Administrator via this API.


Here is the complete post: https://cujo.com/android-malware/

MA, MS, HCISPP
denbesten
Community Champion

@Masahiro wrote:

I can agree on that. But I do not know of examples where devices are infected with malware via an API. Should we understand the API itself is malware?


The API (the computer-to-computer interface) itself does not "become malware". It is more like a doorway through which any sort of bad behavior (including malware) can pass. SQL Injection attacks are the poster-child example, notably Bobby Tables.


Although Bobby deletes a table, the same technique could potentially execute a command that downloads and installs malware.
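As an added example (not code from this thread or from any of the posters), here is the "doorway" denbesten describes in working form: a small Python/sqlite3 "add student" handler that splices caller input into the SQL text, beside one that binds the input as a parameter. The students table, the Bobby-style payload and the in-memory database are all constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the comic's 'students' table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE students (name TEXT);"
        "INSERT INTO students VALUES ('Alice'), ('Bob');"
    )
    return conn


def table_exists(conn, table):
    """Check the catalogue so we can see whether the DROP went through."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (table,),
    ).fetchone()
    return row[0] == 1


def add_student_vulnerable(conn, name):
    # Caller-controlled text becomes part of the SQL program itself, so a
    # quote plus a semicolon ends this statement and starts a new one.
    sql = f"INSERT INTO students VALUES ('{name}');"
    conn.executescript(sql)  # runs every statement found in the string


def add_student_safe(conn, name):
    # Parameter binding hands the value to the driver as data, never as SQL
    # text, so the same payload is stored as an odd-looking name.
    conn.execute("INSERT INTO students VALUES (?)", (name,))
    conn.commit()


# Constructed payload in the spirit of Bobby Tables; the trailing SELECT
# just keeps the spliced-in text syntactically complete.
BOBBY = "Robert'); DROP TABLE students; SELECT ('"


def demo():
    vuln, safe = make_db(), make_db()
    add_student_vulnerable(vuln, BOBBY)
    add_student_safe(safe, BOBBY)
    return {
        "vulnerable_table_survives": table_exists(vuln, "students"),
        "safe_table_survives": table_exists(safe, "students"),
        "safe_rows": [r[0] for r in safe.execute(
            "SELECT name FROM students ORDER BY name")],
    }
```

Running `demo()` shows the concatenating handler losing its table while the parameterized one keeps it and simply stores the payload as a row.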