Results for obfuscation

Industry Trends

Unseen Dangers—Obfuscation Tools & Cybercrime

Ever since the arrival of advanced persistent threats, obfuscation technologies have existed to help cybercriminals evade security detection and tracing. It's an ongoing evolution of technology on the bad guys' end. It really started with antivirus evasion, years ago. Today, we have about 500,000 virus samples coming into FortiGuard Labs every day. A lot of those are from the same virus family, but they're polymorphic—which means they use binary packers to shift the nature of the code every few seconds to try and...

By Derek Manky, March 21, 2016

Threat Research

Android Packers Talk at Hacktivity

If you have any interest in Android packers, or in how to reverse mobile malware that uses such packers, please don't miss Ruchna's upcoming talk at Hacktivity. Android Packers: Separating from the Pack - 11 October 2014, 11:20 - 12:05. If you feel like reading on this topic beforehand, I suggest: our joint paper in Virus Bulletin: "Obfuscation in Android malware and how to fight back" (July 2014), with tools and tips to reverse obfuscated samples. Rowland Yu, "Android Packers: Facing the Challenges, Building the Solutions" at Virus Bulletin Conference,...

By Axelle Apvrille, October 09, 2014

Threat Research

Sophisticated DEX obfuscation or Proguard configuration issue?

Recently, I ran into a malicious sample (Android/Mseg.A!tr.spy) which was causing Baksmali to stall. This does not happen that often. I contacted Jesus Freke, the author of smali/baksmali, who quickly fixed the issue. A deeper look at the sample turned out to be quite interesting. The sample is highly obfuscated (perhaps actually a bit too much - we'll discuss that later) with very long and strange class and method names. For instance, we note a class named "AFHttpPacket;>" (yes, the ; and > are part of the name) in a no less strange namespace: "java/util/concurrent/BlockingQueue<Lcom/adfresca/sdk/packet"...

By Axelle Apvrille, December 16, 2013

Threat Research

VB 2013 - Day 2

This post is the second in a three-part series. Click here for Part 1 and here for Part 3. Many Android talks on the 2nd day of VB2013! Actually, the importance of mobile threats is something everybody has observed here, and Helen Martin even started the conference by mentioning the fact. What a difference compared to conferences 2 or 3 years ago! Rowland Yu - GinMaster: a case study in Android malware. In America or Europe, people often tend to think that malware is only "important" if found in Google Play. Rowland however stated an important...

By Axelle Apvrille, October 11, 2013

Threat Research

AV engine detection techniques vs the evolution of malware: cat-and-mouse game

Get rid of clichés: "Most anti-virus software products detect malware only through simple checksums. This is often the case for the anti-virus engines which are integrated into network gateways." People mainly believe that the main reason is that network gateways have limited resources to process the sheer amount of data exchanged through them "in real time", and also that their OS is "embedded" and thus limited. So people think that the bottom line is: "Too easy to bypass!" Let's be clear: reality is more...

By Alexandre Aumoine, July 30, 2012

Threat Research

Android byte-code obfuscation challenge

DexLabs' @thuxnder has recently posted a challenge for Android which is interesting both as a challenge and as a PoC, because it shows how to fool Dex disassemblers. Basically, his strategy consists of using a branch condition, opaque but in reality always true, that jumps over the next instruction, which is a fill-array-data-payload Dalvik instruction. Then, after the fill-array-data-payload, there are further Dalvik instructions. Most disassemblers disassemble one instruction after the other, and hence understand the final instructions as meaningless...

By Axelle Apvrille, July 30, 2012