- Google's Android security team is partnering with Mandiant FLARE on an update
- The open-source binary analysis tool capa is being improved
- Gemini AI is also being added to the mix
Google is strengthening its Android security protections with new application security tools.
In a new blog post, Google's Lin Chen announced that the company's security and privacy team is partnering with Mandiant FLARE to improve the open-source binary analysis tool capa. The goal is to make the tool better at analyzing ELF ARM files, which are often used in Android malware.
Chen said the collaboration will help detect and highlight suspicious code behaviors in native files, enabling faster malware analysis and decision-making, with help from Gemini AI.
Malware detection in ELF
Describing how the new tools work, Chen shared a case study of an illegal gambling application disguised as a music app. The app, which was listed on the Google Play Store, secretly loaded gambling websites for users in specific regions. It used several anti-analysis techniques (hiding key functions in a native ELF file, time-zone detection, and dynamic loading and decryption of additional malicious code) to stay hidden in plain sight.
However, using static analysis and capa, the Google team identified these deceptive behaviors and removed the application.
Capa detects malware capabilities in ELF files, and new rules have been developed specifically for Android, Chen explained.
These rules identify behaviors such as calls to the ptrace API (anti-debugging), extraction of device and time-zone information via JNI, downloading and decrypting code, and use of the Base64 and Cipher APIs for encoding and encryption. This lets analysts quickly locate suspicious functions without wading through mountains of obfuscated code.
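To show what one of these Android-focused rules looks like, here is an added example capa rule (written for this article, not one of the rules shipped by the capa project) that flags a native function calling ptrace with PTRACE_TRACEME, the classic self-tracing anti-debugging check; the rule name, author and description are assumptions.

```yaml
# Example capa rule (not from the capa-rules repository): flag a native
# Android ELF function that calls ptrace(PTRACE_TRACEME, ...) so that a
# debugger cannot attach to the process later.
rule:
  meta:
    name: check for debugger via ptrace PTRACE_TRACEME (Android ELF example)
    namespace: anti-analysis/anti-debugging/debugger-detection
    authors:
      - example author   # assumption: placeholder, replace with your own
    scopes:
      static: function   # match within a single function in static analysis
      dynamic: call      # match on a single API call in dynamic traces
    att&ck:
      - Defense Evasion::Debugger Evasion [T1622]
    description: >
      Matches functions that import and call ptrace with request 0
      (PTRACE_TRACEME). Benign code rarely does this, so a hit is a
      good starting point for triage of an obfuscated native library.
  features:
    - and:
      - api: ptrace                 # imported libc symbol in the ELF
      - number: 0 = PTRACE_TRACEME  # first argument value, with a label
```

Drop the file into a rules directory and run capa against the native library with `capa -r <rules-dir> libpayload.so` (filename constructed); a match names the function so the analyst can start there instead of at the entry point.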
Google has also added Gemini AI to summarize the most suspicious functions highlighted by capa. The AI tool can produce risk-level assessments and insights into obfuscation, anti-debugging and concealment tactics, enabling faster and more effective malware detection and reporting.
"Equipped with the fast-evolving Gemini, our analysts can spend less time on those sophisticated samples, minimizing exposure to malicious applications and guaranteeing the safety of the Android ecosystem," Chen concluded.