[BSL2024] When Malware Becomes Creative - Dimitrios Valsamaras and José Leitão
- Published: 28 Nov 2024
- When Malware Becomes Creative: A Survey of Advanced Android Detection Evasion Tactics
Android’s rise to one of the world’s most popular operating systems has expanded its reach to billions of devices worldwide. This massive footprint is a beacon for malware developers who seek to exploit the personal data of its expansive and diverse user base. As with any operating system, Android threat actors aim to distribute their malicious software as widely as possible. Yet the methods for spreading within the Android ecosystem differ significantly from those in traditional desktop environments, which historically have relied on worm-type malware for rapid propagation.
In mobile, application markets serve as a prime channel for reaching this objective, given their role in distributing billions of apps annually. However, a significant hurdle exists: to be listed on prominent platforms such as the Play Store, an app must satisfy specific criteria and undergo thorough screenings for signs of malware, both prior to and post-publication.
During our review of Android malware samples in these markets, we uncovered a multitude of evasion techniques designed to circumvent both static and dynamic detection mechanisms. From simple yet clever methods like analyzing a device’s battery level to gauge its legitimacy, to sophisticated technical tactics employing Java reflection, obfuscation, encryption, steganography, and dynamic code loading, these tactics illustrate the evolving nature of modern mobile malware.
This survey presents a thorough examination of the most advanced detection evasion techniques utilized by several of the most notorious Android malware families, with the infamous Joker and Hydra families as key examples. Our in-depth analysis elucidates the evolving sophistication of these techniques and their implications for the security of the Android ecosystem. Through this detailed exploration, we aim to provide insights that can aid in the development of more robust defense mechanisms to protect against such insidious software threats.
About the Speaker:
Dimitrios is a cybersecurity professional with expertise in mobile, web, and network penetration testing. He holds a degree in Computer Science, majoring in Cryptography and Security, and has worked with top companies such as Microsoft and Google. He is a frequent speaker at prominent security conferences such as BlackHat, Nullcon, Insomni’hack, and Troopers. He is passionate about reverse engineering and was a member of one of Greece’s first reverse engineering research groups.