Rosangela Casolare, Carlo De Dominicis, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, August 2020, Article No.: 50, Pages 1–7
Considering the pervasiveness of mobile devices, malware writers are constantly focusing their attention on developing malicious payloads aimed at gathering sensitive information from mobile devices without user consent. As a matter of fact, it is really easy for malware writers to embed malicious payloads into legitimate applications by applying the so-called repackaging paradigm, generating a sample with a signature unknown to anti-malware software. In this paper we propose a twofold approach for the triage and the detection of repackaged Android applications. We propose a visualization schema to assist the malware analyst in the triage of unseen applications and a set of metrics for the automatic detection of repackaged applications. Experimental results show the effectiveness of the proposed approach.