U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

DroidMorph tool generates Android Malware Clones that

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) […]

DroidMorph

Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones.

A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. The experts demonstrated that using the tool it is possible to bypass the Android anti-malware solutions performing permutations of the malware.

The study conducted by the academics aims at developing new techniques to detect and analyze the increasing number of Android malware variants (clones) and stop attacks employing them.

“Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors. This attack of clones seriously threatens all the mobile platforms, especially Android” reads the paper published by the experts.

Then the researchers used the Android APK morphing tool that developed to evaluate the resilience of the current commercial antimalware solutions against attacks employing Android malware clones.

DroidMorph first decompiles an Android APK to an intermediate form, then it carries out morphing at different levels of abstractions (Class, Method, and Body) on it. The morphed intermediate form is then compiled to morphed Android APK. The APK is then signed to generate the final morphed and signed Android APK that is could be executed on the Android devices.

The following images show the architectural overview of DroidMorph:

DroidMorph

Experts tested anti-malware products against a combination of trivial and non-trivial obfuscations, the former by changing class and methods name in the code of the app, while the latter is based on alteration of the execution flow of the applications.

The dataset used by the experts for the tests is composed of 848 Android malware apps collected from two different resources.

The researchers used VirusTotal and selected 17 anti-malware programs to detect the malware variants
generated by DroidMorph. They discovered that 8 out of 17 (LineSecurity, MaxSecurity, DUSecurityLabs, AntivirusPro, 360Security, SecuritySystems, GoSecurity, and LAAntivirusLab) commercial anti-malware programs did not detect any of the morphed APKs.

DroidMorph

The number of Android malware clones are on the rise and to stop this attack of clones we need to study how these clones are generated” concludes the report. “In DroidMorph, we have only implemented some basic trivial and non-trivial obfuscations (morphing). Implementation of other obfuscations is work in progress, which will further improve (reduce detection by anti-malware programs) the results. In future, we will further improve morphing at different levels, specifically class level morphing. We will also add morphing of meta information (permissions etc.) embedded in an APK which will further reduce the detection by anti-malware programs.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]