According to the question c04.088 of CCSP Official Practice Tests, anti-malware detection capabilities should be added to employee's devices and to the environments they connect to, if they are using APIs that the company does not approve of.
I can agree on that. But I do not know examples that devices are infected with malware via API. Should we understand the API itself is malware? Do you know those examples? If yes, please share them with me.
I'm not aware of anything specific, but it's not beyond the realms of possibility that interacting with an API could ultimately lead to a malware infection.
Whatever system you are using to interact with the API could contain a vulnerability and the data being received back by the API could potentially be crafted to trigger that vulnerability.
Or it could be something as simple as the API sends you a URL pointing to a malware infected site.
Thank you for the reference. It helped me to understand that it is not the API that infects the malware, but the malware latent in the device may make external API calls, which need to be detected.
Thought I'd share this:
A September 6, 2021 post about Android Malware: An Overview states that Android malware can abuse the Device Administrator API that is intended for Mobile Device Management.
In another example, the post states that malware can tap into the screen reader, screen tapper functionality, intended for people with disabilities. The malware can tap itself into Android Device Administrator via this API.
Here is the complete post: https://cujo.com/android-malware/
@Masahiro wrote:I can agree on that. But I do not know examples that devices are infected with malware via API. Should we understand the API itself is malware?
The API (the computer-to-computer interface) itself does not "become malware". It is more like a doorway through which any sort of bad-behavior (including malware) can pass. SQL Injection attacks are the poster-child example, notably Bobby Tables.
Although Bobby deletes a table; the same technique could potentially execute a command that downloads and installs malware.