A novel approach for analysing and detection of obfuscated malware payloads in android platform using DexMonitor

Abstract

The developers of Android applications and malware use complex obfuscation and encryption tools and techniques to hinder the mobile applications that they develop from being repackaged and analysed. These tools and techniques obfuscate and encrypt the strings and classes, API calls and control flows in the Dalvik bytecode. The obfuscated and encrypted Android applications which are obtained from sources such as Koodous, Virus Total, etc. need to be analysed using DexMonitor and the countermeasures for packed or obfuscated malware have to be found. A decision support system is then constructed and the guidelines and countermeasures for packed malware are provided.