Title: Detection of metamorphic malicious mobile code on android-based smartphones

Authors: Sangdon Kim; Hyung-Woo Lee; Jae Deok Lim; Jeong Nyeo Kim

Addresses: School of Computer Engineering, Hanshin University, 137, Hanshindae-gil, Osan, Gyeonggi-do 448-791, South Korea ' School of Computer Engineering, Hanshin University, 137, Hanshindae-gil, Osan, Gyeonggi-do 448-791, South Korea ' Cyber Security-Convergence Research Laboratory, ETRI, 34129, South Korea ' Cyber Security-Convergence Research Laboratory, ETRI, 34129, South Korea

Abstract: By repackaging a malicious code into reverse compiled legitimate mobile code, malware authors can bypass detection step on existing mobile vaccine software using inserting AES-encrypted root exploits to loading some payload from a malicious remote server dynamically. In this case, malicious codes are constantly changing to evade detection steps by continuing its evolution by operating a metamorphic code by adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade the detection of antivirus software. Those metamorphic features are aimed at changing the form of each instance of the malware by using encryption or appended/pre-pended dummy code into internal code of mobile apps. Therefore, we propose a new system to determine and detect metamorphic malicious mobile code by extracting dynamic features activated from Android platform using extended dynamic analysis technique.

Keywords: metamorphic malicious mobile apps; dynamic analysis; android; smartphone and detection of malicious apps.

DOI: 10.1504/IJAMC.2017.084099

International Journal of Advanced Media and Communication, 2017 Vol.7 No.1, pp.56 - 75

Accepted: 04 Jul 2016
Published online: 10 May 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article