Malware Sandbox Evasion Techniques in Mobile Devices

Authors

  • Yugandharee Sankaranarayanan, Faculty of Computing, Cyber Security, SLIIT, Colombo, SRI LANKA
  • Sarangan Ravindran, Faculty of Computing, Cyber Security, SLIIT, Colombo, SRI LANKA
  • Suhail Ahamed, Faculty of Computing, Cyber Security, SLIIT, Colombo, SRI LANKA
  • Kajanthan Balendraraja, Faculty of Computing, Cyber Security, SLIIT, Colombo, SRI LANKA

DOI:

https://doi.org/10.31033/ijemr.12.6.9

Keywords:

Malware, Android, Sandbox, Security, Mobile

Abstract

The mobile platform is where it's at, and very few professionals dispute this view. Because of the rapidly increasing number of smartphones and other devices powered by the Android operating system worldwide, there has been a corresponding surge in the number of mobile apps, and of harmful mobile apps in particular. This form of malware is very new, but it is changing rapidly and brings hazards that have not been seen before. As part of Check Point's ongoing efforts against the rising tide of mobile threats, we, the Malware Research Team, want to learn as much as we can about the constantly shifting Android malware landscape. This requires understanding the internal operation of as many malicious apps as possible. Manual malware analysis has always been a difficult operation, taking days or even weeks per sample, which makes it impracticable even for a small sample pool. Our response, following the successful application of this strategy to mobile malware, is to automate as much of the analysis process as is practically possible. Idan Revivo and Ofer Caspi from Check Point's Malware Research Team were tasked with developing a system that takes an application and produces a report describing exactly what it does when run, specifically pointing out anything "fishy". This enables an initial analysis with no human intervention, which is exactly what they have done. The popular CuckooDroid sandbox and a few other open-source projects form the basis of this automated, cross-platform emulation and analysis framework, which provides static and dynamic APK inspection as well as evasion of some VM-detection techniques, encryption key extraction, SSL inspection, API call tracing, basic behavioral signatures, and more.
It is easy to make changes and add new features to the framework, and it draws heavily on the expertise of the existing Cuckoo community.

Published

2022-12-01

How to Cite

Yugandharee Sankaranarayanan, Sarangan Ravindran, Suhail Ahamed, & Kajanthan Balendraraja. (2022). Malware Sandbox Evasion Techniques in Mobile Devices. International Journal of Engineering and Management Research, 12(6), 69–74. https://doi.org/10.31033/ijemr.12.6.9