(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 12, No. 8, 2021
www.ijacsa.thesai.org

Mobile Malware Classification for iOS Inspired by Phylogenetics

Muhammad ‘Afif Husainiamer, Madihah Mohd Saudi*, Azuan Ahmad, Amirul Syauqi Mohamad Syafiq
Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai, Malaysia

*Corresponding Author

Abstract—Cyber-attacks such as ransomware, data breaches, and phishing triggered by malware, especially for iOS (iPhone operating system) platforms, are increasing. Yet little work on malware detection for the iOS platform has been done compared to the Android platform. Hence, this paper presents an iOS malware classification inspired by phylogenetics. It consists of mobile behaviour, exploits, and surveillance features. The new iOS classification helps to identify, detect, and predict any new malware variants. The experiment was conducted by using hybrid analysis, with twelve (12) malware datasets from the Contagio Mobile website. As a result, twenty-nine (29) new classifications have been developed. One hundred (100) anonymous mobile applications (50 from the Apple Store and 50 from iOS Ninja) have been used for evaluation. Based on the evaluation conducted, 13% of the mobile applications matched the developed classifications. In the future, this work can be used as guidance for other researchers with the same interest.

Keywords—iOS; mobile malware; reverse engineering; exploitation; phylogenetic

I. INTRODUCTION

Currently, smartphones based on Android and iOS are commonly and widely used across the world. Yet they also raise security concerns, especially exploitation by malware such as ransomware and cryptojacking [1]. Unfortunately, the rapid increase in smartphone users has contributed to mobile malware growth in the iOS environment. Malware refers to software that can infect devices, software, or networks with malicious intent and without the owner’s consent. It can harm the victim through malicious activities such as stealing confidential information, identity theft, and spying on the victim. There are different kinds of malware, such as viruses, Trojans, spyware, worms, and ransomware. Malware can cause considerable disruption once it has successfully penetrated the smartphone system.

Whenever new vulnerabilities are disclosed, Apple releases an update or patch to fix the weaknesses. By keeping patches up to date, Apple makes sure the devices are secure enough to use. Malware attacks are carried out by attacking the kernel, giving the attacker access to private APIs (Application Programming Interfaces) and permissions, and eventually obtaining confidential information about the user. Unfortunately, a growing number of malware samples attack iOS devices. For example, such malware uses private APIs to carry out its malicious intent and to view and steal the device's data. Fig. 1 shows statistics on the detection of malware for iOS by Welivesecurity [2].

Fig. 1. Detection of Malware for iOS.

Compared with Android, iOS is considered more secure. For example, on the iOS platform, the hardware, the software, and even the boot process are monitored and secured by Apple procedures [3]. As a result, many attackers tend to focus on Android malware rather than on iOS. In addition, the McAfee Labs Threat Report of June 2018 shows a drastic increase in malware growth, with almost 2.9 million samples recorded [4]. Furthermore, high-risk vulnerabilities were detected in 38 percent of iOS mobile apps in 2019, compared to 43 percent of Android mobile apps [5]. Indeed, 40 percent of iOS malware attacks in 2017 targeted banking services [6]. As of Q1 2020, new mobile malware cases have surged by 71 percent, and new iOS malware grew by over 50 percent [7].

Hence, this paper presents a new mobile malware classification for iOS inspired by phylogenetics to overcome the above challenges. Phylogenetics is a term borrowed from biology that has been mapped into the cybersecurity field. It can be used to detect and predict malicious activity. This approach consists of malware behaviour, vulnerability exploitation, and surveillance features [8]. The proposed malware classification developed in this paper can detect malware attacks involving possible social media and online banking exploitation. This new iOS classification aids in the detection, identification, and prediction of new malware variants.