Posts: 5,247
Topics: 211
Kudos: 5,052
Ideas: 9
Registered: ‎02-03-2012

Droid malware cloak outwits Google Bouncer and friends

Researchers show VXers a better way to infect Mountain View's mobile OS



Webroot SecureAnywhere Complete Beta Tester v8.0.8.77...+ VoodooShield v2.51a Beta....working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Posts: 2,046
Topics: 1,035
Kudos: 2,114
Registered: ‎10-14-2013

Dynamic Analysis tools for Android Fail to Detect Malware with Heuristic Evasion Techniques

We are quite aware of Google’s Bouncer, the Android malware scanner that tests apps by running them in a virtualized environment, i.e. a simulated phone created in software, which automatically scans the apps to watch their real behaviour on users’ devices before approving them for the Play Store market.

To protect its users and their devices from harm, Google launched this app-scanning software tool two years ago. Bouncer is a security feature for the Android Play Store market that is designed to protect Android users from becoming victims of any malicious Android malware app. But does the security tool go far enough?

Despite this protective shield, we have seen that the Google Play Store market is surrounded by many malicious apps which easily bypass the Bouncer scan test and target Android users.

Security researchers from Columbia University have exploited weaknesses in Google's Bouncer service to sneak malicious apps onto the Android market. They published a new research paper, which revealed that all such dynamic analysis tools and services are vulnerable to most of the evasion techniques they discovered.

Along with Google Bouncer, other heuristic (dynamic) analysis tools detect malicious applications based on previous knowledge of typical sequences of commands in code or of metadata (static analysis), or on behavior (dynamic analysis).

The research paper [pdf], titled “Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware”, was authored by a team of five researchers, Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis and Sotiris Ioannidis, of the Institute of Computer Science from Columbia University, USA.

They created some malware samples that were able to hide themselves when analyzed in an emulated environment, and hence developed the capability to bypass heuristic-based dynamic and static analysis platforms, such as Andrubis, DroidBox, DroidScope, APK Analyzer, or APKScan.

“A malicious program can try to infer whether it runs in an emulated environment, and therefore evade detection by pausing all malicious activities,” the researchers said. "Even trivial techniques, such as checking the value of the IMEI, are enough to evade some of the existing dynamic analysis frameworks."
 
 


Re: Dynamic Analysis tools for Android Fail to Detect Malware with Heuristic Evasion Techniques

Hi Petr

Thanks, but already covered by this thread:

https://community.webroot.com/t5/Security-Industry-News/Droid-malware-cloak-outwits-Google-Bouncer-a...

started yesterday...you may want to delete your thread and transfer the reference to the initial thread on the topic.

Regards

Baldrick
