Sophos to explore Android threats at AVAR 2017 conference

Android malware is at the top of the agenda, including ways to combat it through machine learning

Four of our researchers will speak on the growing threat of Android malware at the Association of Anti Virus Asia Researchers (AVAR) conference this week, which takes place at the Regent Beijing on 6-8 December 2017. The theme of this year’s event is “Back to Basics: Fighting the Evolving Cyber Criminal.”

Modern vs traditional POS attacks

Senior Threat Researcher Rowland Yu will be examining point-of-sale (POS) malware used to steal credit card and debit card information, from 15.00 – 15.30 on 7 December in room D1.

POS malware has been around for over a decade and traditionally takes aim at machines running on Windows, Unix, or Linux. But at the beginning of 2017, a new type of malware appeared on mobile POS apps for Android. The new malware didn’t cause serious damage, but SophosLabs believes attackers will further target Android POS apps going forward, and that future cases could indeed be damaging.

Your app has a malicious app id

Android malware is the focus of a talk by Senior Researcher William Lee and Chief Data Scientist Joshua Saxe. From 15.30 – 16.00 on 7 December in room D3, they will be outlining a proposed malware classification model based on recurrent neural networks.

This model can learn generalizations about malicious string patterns from an app’s package name and certificate owner info. It learns to extract features and classify malware using embedding and LSTM (Long Short-Term Memory) layers.

William and Joshua will be demonstrating how this model can detect new, unseen malware families efficiently without extensive model retraining and how a trained model can be deployed on an Android device.

Constantly evolving Google Play malware

Threat Researcher Jagadeesh Chandraiah will be examining the past year of Android malware discovered on Google Play, from 15.00 – 15.30 on 8 December in rooms D2 and D3.

In September alone, security researchers discovered four different instances of Google Play malware, and several other instances surfaced throughout the year, with hundreds of millions of user installs.

During the presentation, Jagadeesh plans to dissect several Android malware samples to show how they work and what can be done to neutralize them.

If you are attending the event, please do come along and be part of the discussions.
