# Standards Reference: Mobile Malware Detection

## OWASP Mobile Top 10 2024
| ID | Risk | Malware Relevance |
|----|------|-------------------|
| M2 | Inadequate Supply Chain Security | Trojanized apps, repackaged malware |
| M8 | Security Misconfiguration | Excessive permissions enabling malware |

## NIST SP 800-163 Rev 1
- Section 5: Mobile app vetting for malware indicators
- Section 6: Enterprise mobile device management for malware prevention

## MITRE ATT&CK Mobile Matrix
| Tactic | Technique | Indicator |
|--------|-----------|-----------|
| Initial Access | T1444: Masquerade as Legitimate App | App name/icon spoofing |
| Collection | T1412: Capture SMS Messages | SMS permission + network |
| Exfiltration | T1437: Standard Application Layer Protocol | HTTP POST to C2 |
| Command and Control | T1437.001: Web Protocols | HTTPS beaconing |
| Impact | T1471: Data Encrypted for Impact | File encryption + ransom |