Abstract

The growth of the Android mobile platform has led to an increase in the number of malicious applications. Malware creators are ahead of the malware detectors. In this paper, we present eight techniques for hiding a malicious Android application inside images (PNG/JPEG) using methods such as Concatenation, Obfuscation, Cryptography, and Steganography, separately and in conjunction. The image containing the malicious application is stored in the resources of another Android application. After hiding the malicious application using these techniques, we evaluated the vulnerability of ten popular and freely downloadable commercial Android anti-malware products to them. The results were alarming: only one of them was able to detect two hiding techniques, those in which the malicious Android application (or its obfuscated version) was hidden by concatenating it at the end of an image, and all the other anti-malware products were blind to the eight hiding techniques. If the malicious Android application (or its obfuscated version) is not hidden inside an image but resides as-is in the resources of another Android application, seven out of ten anti-malware products flagged such applications as malicious. Such an evaluation provides a metric for measuring the available defense against evolving Android malware and also aids in improving the state of the art of Android malware detection systems.
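As an added illustration of the concatenation case described above (not code from the paper), the following scanner-side check walks a PNG's chunk list and reports any bytes that follow the IEND chunk, flagging them when they carry a ZIP signature, which is the container format of an APK. The function names and the sample bytes are assumptions constructed for this example, and only PNG is covered.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, end of central directory


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def png_trailing_data(blob: bytes) -> bytes:
    """Walk the chunk list and return every byte that follows the IEND chunk."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(blob):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return blob[end:]
        pos = end
    raise ValueError("no IEND chunk found")


def inspect_png(blob: bytes) -> dict:
    """Report appended bytes and whether they look like a ZIP/APK container."""
    tail = png_trailing_data(blob)
    return {
        "trailing_bytes": len(tail),
        "zip_like": any(m in tail for m in ZIP_MAGICS),
    }


# Constructed sample: a 1x1 grayscale PNG, then the same image with a
# stand-in "APK" (only a ZIP local-file-header magic plus filler) appended.
ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
clean_png = PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b"")
stuffed_png = clean_png + b"PK\x03\x04" + b"\x00" * 26 + b"classes.dex"

if __name__ == "__main__":
    print(inspect_png(clean_png))
    print(inspect_png(stuffed_png))
```

A non-zero `trailing_bytes` count is the signal worth alerting on by itself: an obfuscated or encrypted payload appended the same way would not match the ZIP signature, and the steganographic techniques leave no trailing data at all, so this check does not address them.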
