{"title":"Android Malware Evasion Framework For Auditing Anti-Malware Resistance Against Various Obfuscation Technique And Dynamic Code Loading","authors":"Steven Prasetya Ohello, Suhardi","doi":"10.1109/ICITSI56531.2022.9970912","DOIUrl":null,"url":null,"abstract":"Malware is one of the biggest threats to the Android system today. Anti-malware researchers and malware developers are constantly competing to produce their best product. In this study we tried to evaluate the robustness of anti-malware on the market by auditing it from the point of view of malware authors. By understanding how an attack technique is developed, hopefully we can come up with better defenses in the future. Several studies have shown that transformation with code obfuscation and the use of dynamic code loading has proven to be effective in avoiding detection. But the research so far has only focused on how to bypass anti-malware. Existing studies have not discussed how to bypass Play Protect and permission based checks on the android system and get permission from the user. We propose a framework for auditing anti-malware using various obfuscation techniques and dynamic code loading. Malware will be embedded into legitimate apps to bypass play protect detection. This framework has a mechanism to check and add a number of permissions that malware needs into the application and force the user to grant permissions at runtime. In addition we also added a feature to randomize the order of the obfuscation process and also randomly generate certificates. From the experiments we conducted, each of these features was able to reduce the detection rate of the virustotal by 50%. The overall implementation and testing of our framework shows a significant reduction in detection. The malware was also successfully installed on the real device and carried out its functions properly without being detected.","PeriodicalId":439918,"journal":{"name":"2022 International Conference on Information Technology Systems and Innovation (ICITSI)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Information Technology Systems and Innovation (ICITSI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITSI56531.2022.9970912","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0