Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware

Title: Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Cao, Michael; Ahmed, Khaled; Rubin, Julia
Conference Name: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)
Keywords: android, Behavioral sciences, codes, dataset, graph theory, Human Behavior, Internet, Malware, malware analysis, malware detection, manual analysis, Manuals, Metrics, Payloads, privacy, pubcrawl, resilience, Resiliency, Resiliency Coordinator, software engineering
Abstract: This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021. We systematically identified 1,238 such malicious applications, grouped them into 134 families, and manually analyzed one application from each of 105 distinct families. During our manual analysis, we identified the malicious payloads the applications execute, the conditions guarding execution of those payloads, the hiding techniques the applications employ to evade detection by the user, and other implementation-level properties relevant to automated malware detection. As most applications in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing the activation paths for all of an application's payloads in the form of a control- and data-flow graph. Furthermore, we discuss the capabilities of existing malware detection tools, put them in the context of the properties observed in the analyzed malware, and identify gaps and future research directions. We believe that our detailed analysis of this recent, evasive malware will be of interest to researchers and practitioners and will help further improve malware detection tools.
DOI: 10.1145/3510003.3510161
Citation Key: cao_rotten_2022