
[Nuit du Hack 2015] Criminal Profiling: Android Malware

Statistics over 1,000,000 Android malware samples! That's what you get in this talk. This work is unique - and the unique must be fulfilled ;) - because of the number of samples analyzed, and also because it provides detailed information on how Android malware is implemented (habits, frequent tricks, etc.). The research refreshes the results of the Android Malware Genome project, which dates back to 2011, and shows the evolution of the Android malware scene. Compared to PlayDrone (SIGMETRICS '14) or Andrubis (BADGERS '14), it focuses exclusively on malware, with statistics on code-level properties. From this data, we draw up a profile for Android malware and debunk false impressions. For example, contrary to general belief, use of root-level exploits is not particularly more frequent in malware (2%) than in clean applications. Of course, I explain how I compute those stats, and the limits of this study. This talk should be refreshing, with plenty of tweetable data ;P


