Litcius/Paper detail

VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization's Clothing

Luman Shi, Jiang Ming, Jianming Fu, Guojun Peng, Dongpeng Xu, Kun Gao, Xuanchen Pan

202026 citationsDOI

Abstract

Repackaging popular benign apps with malicious payload used to be the most common way to spread Android malware. Nevertheless, since 2016, we have observed an alarming new trend to Android ecosystem: a growing number of Android malware samples abuse recent app-virtualization innovation as a new distribution channel. App-virtualization enables a user to run multiple copies of the same app on a single device, and tens of millions of users are enjoying this convenience. However, cybercriminals repackage various malicious APK files as plugins into an app-virtualization platform, which is flexible to launch arbitrary plugins without the hassle of installation. This new style of repackaging gains the ability to bypass anti-malware scanners by hiding the grafted malicious payload in plugins, and it also defies the basic premise embodied by existing repackaged app detection solutions.

Topics & Concepts

Android (operating system)Plug-inVirtualizationComputer scienceMalwareOperating systemAndroid malwareComputer securityPayload (computing)Cloud computingNetwork packetAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesDigital and Cyber Forensics
VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization's Clothing | Litcius