How Android malware fight (and we fight back)

These slides were presented at the CARO Workshop, May 2014. Malware authors certainly are creative when it comes to hiding their payloads from analysts' eyes: emulator detection, application icon hiding, reflection, etc. In this talk, we specifically focus on obfuscation techniques. We first walk through recent cases we encountered while analyzing Android malware, and provide hints for anti-virus analysts to detect those techniques and ease the reverse engineering of samples. Second, we highlight a few novel techniques which analysts may encounter in the future, and explain how to get prepared.



References

https://2014.caro.org