UBC Theses and Dissertations

Understanding the characteristics of invasive malware from the Google Play Store

Cao, Michael

Abstract

This thesis provides a detailed in-depth analysis of Android malware samples that bypassed detection by the Google Play app store and penetrated the official Android market between January 2016 and July 2021. By systematically extracting and analyzing samples from 107 malware families, we identify the malicious payloads they execute, the conditions guarding execution of those payloads, and other implementation-level properties relevant to malware detection. As most samples in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing the multiple activation paths and payloads of each sample in the form of a combined control- and data-flow graph. We discuss the capabilities of existing malware detection tools, put them in the context of the properties observed in the analyzed samples, and identify possible gaps and future research directions. We believe that our detailed analysis of these recent, evasive malware families will be of interest to researchers and practitioners and will help further improve malware detection tools. We make our annotated dataset of 1238 samples from 134 malware families available for future studies.

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International